PT-2023-27346 · Genians · Genian Nac Suite+2

Publicado

2023-08-17

·

Atualizado

2023-08-29

·

CVE-2023-40251

CVSS v3.1

5.9

Média

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Genian NAC versions 4.0.0 through 4.0.155 Genian NAC versions 5.0.0 through 5.0.42 Genian NAC Suite versions 5.0.0 through 5.0.54 Genian ZTNA versions 6.0.0 through 6.0.15
Description The issue affects Genians products, allowing a Man in the Middle Attack due to missing encryption of sensitive data. This can be exploited in Genian NAC, Genian NAC Suite, and Genian ZTNA.
Recommendations For Genian NAC versions 4.0.0 through 4.0.155, update to a version later than 4.0.155 to resolve the issue. For Genian NAC versions 5.0.0 through 5.0.42, update to a version later than 5.0.42 to resolve the issue. For Genian NAC Suite versions 5.0.0 through 5.0.54, update to a version later than 5.0.54 to resolve the issue. For Genian ZTNA versions 6.0.0 through 6.0.15, update to a version later than 6.0.15 to resolve the issue.

Correção

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

CVE-2023-40251

Produtos afetados

Genian Nac
Genian Nac Suite
Genian Ztna