PT-2023-27349 · Genians · Genian Ztna+2

Published: 2023-08-11 · Updated: 2023-10-26 · CVE-2023-40254

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Genians Genian NAC versions 4.0.0 through 4.0.155
Genians Genian NAC versions 5.0.0 through 5.0.42
Genians Genian NAC Suite versions 5.0.0 through 5.0.54
Genians Genian ZTNA versions 6.0.0 through 6.0.15

Description

The issue is related to a Download of Code Without Integrity Check vulnerability, which allows malicious software updates. This vulnerability affects various versions of Genians Genian NAC, Genian NAC Suite, and Genian ZTNA.

Recommendations

For Genians Genian NAC versions 4.0.0 through 4.0.155, update to a version later than 4.0.155 to resolve the issue.
For Genians Genian NAC versions 5.0.0 through 5.0.42, update to a version later than 5.0.42 to resolve the issue.
For Genians Genian NAC Suite versions 5.0.0 through 5.0.54, update to a version later than 5.0.54 to resolve the issue.
For Genians Genian ZTNA versions 6.0.0 through 6.0.15, update to a version later than 6.0.15 to resolve the issue.

As a temporary workaround, consider restricting access to the software update mechanism to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-40254

Affected Products

Genian NAC
Genian NAC Suite
Genian ZTNA