PT-2023-27346 · Genians · Genian Nac Suite+2
Published
2023-08-17
·
Updated
2023-08-29
·
CVE-2023-40251
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Genian NAC versions 4.0.0 through 4.0.155
Genian NAC versions 5.0.0 through 5.0.42
Genian NAC Suite versions 5.0.0 through 5.0.54
Genian ZTNA versions 6.0.0 through 6.0.15
Description
The issue affects Genians products, allowing a Man in the Middle Attack due to missing encryption of sensitive data. This can be exploited in Genian NAC, Genian NAC Suite, and Genian ZTNA.
Recommendations
For Genian NAC versions 4.0.0 through 4.0.155, update to a version later than 4.0.155 to resolve the issue.
For Genian NAC versions 5.0.0 through 5.0.42, update to a version later than 5.0.42 to resolve the issue.
For Genian NAC Suite versions 5.0.0 through 5.0.54, update to a version later than 5.0.54 to resolve the issue.
For Genian ZTNA versions 6.0.0 through 6.0.15, update to a version later than 6.0.15 to resolve the issue.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Genian Nac
Genian Nac Suite
Genian Ztna