PT-2021-17329 · Genua · Genugate

Armin Stock · Published 2021-03-01 · Updated 2022-07-12 · CVE-2021-27215

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: genua genugate versions 9.0 Z before p19; genua genugate versions 9.1.x through 9.6.x before 9.6 p7; genua genugate versions 10.x before 10.1 p4
Description: An issue was discovered in the Web Interfaces of genua genugate: a specific authentication method used during login does not check the provided data and returns OK for any authentication request. An attacker can therefore log in to the admin panel as a user of their choice, including the root user or even a non-existing user. The cause is a lack of proper validation of the provided data when a certain manipulation occurs.
Recommendations: For genua genugate versions 9.0 Z before p19, update to version 9.0 Z p19 or later. For genua genugate versions 9.1.x through 9.6.x before 9.6 p7, update to version 9.6 p7 or later. For genua genugate versions 10.x before 10.1 p4, update to version 10.1 p4 or later. As a temporary workaround, consider restricting access to the Web Interfaces (Admin, Userweb, Sidechannel) until a patch is available.

Exploit

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2021-27215

Affected Products

Genugate