CVE-2023-40252

Name of the Vulnerable Software and Affected Versions Genians Genian NAC versions 4.0.0 through 4.0.155 Genians Genian NAC versions 5.0.0 through 5.0.42 Genians Genian NAC Suite versions 5.0.0 through 5.0.54 Genians Genian ZTNA versions 6.0.0 through 6.0.15

Description The issue is related to an Improper Control of Generation of Code ('Code Injection') vulnerability, which allows Replace Trusted Executable. This vulnerability affects various versions of Genians Genian NAC, Genian NAC Suite, and Genian ZTNA.

Recommendations For Genians Genian NAC versions 4.0.0 through 4.0.155, update to a version later than 4.0.155 to resolve the issue. For Genians Genian NAC versions 5.0.0 through 5.0.42, update to a version later than 5.0.42 to resolve the issue. For Genians Genian NAC Suite versions 5.0.0 through 5.0.54, update to a version later than 5.0.54 to resolve the issue. For Genians Genian ZTNA versions 6.0.0 through 6.0.15, update to a version later than 6.0.15 to resolve the issue. As a temporary workaround, consider restricting access to the Replace Trusted Executable feature until a patch is available.