CVE-2023-40254 HIGH

CVE-2023-40254

Vendor Genians

Product Genian NAC V4.0

Weakness CWE-89 · SQLi

Published August 11, 2023

Last update October 10, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

Key dates

02Disclosure timeline

August 11, 2023 CVE published

October 10, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-40254 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2023-40254

CWE CWE-89

CVSS 7.5 / HIGH

Affected versions

Vendor Genians

Product Genian NAC V4.0

Affected ≥ V4.0.0 and ≤ V4.0.155

Vendor Genians

Product Genian NAC V5.0

Affected ≥ V5.0.0 and ≤ V5.0.42 (Revision 117460)

Vendor Genians

Product Genian NAC Suite V5.0

Affected ≥ V5.0.0 and ≤ V5.0.54

Vendor Genians

Product Genian ZTNA

Affected ≥ V6.0.0 and ≤ V6.0.15

CVE-2023-40254

01Description

02Disclosure timeline

03References

04Related CVE