KrcertCVELIST:CVE-2021-26622CVE-2021-26622 Genian NAC remote code execution vulnerability
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
70.2%
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.
CNA Affected
[
{
"platforms": [
"Windows"
],
"product": "Genian NAC Suite V4.0",
"vendor": "Genians Co., Ltd",
"versions": [
{
"lessThanOrEqual": "4.0.145.0831",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Genian NAC V5.0 & Genian NAC Suite V5.0",
"vendor": "Genians Co., Ltd",
"versions": [
{
"lessThanOrEqual": "5.0.42.0827",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
70.2%