Lucene search

KrcertCVELIST:CVE-2021-26622

HistoryMar 25, 2022 - 6:02 p.m.

CVE-2021-26622 Genian NAC remote code execution vulnerability

2022-03-2518:02:39

CWE-20

krcert

www.cve.org

9.6 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Genian NAC Suite V4.0",
    "vendor": "Genians Co., Ltd",
    "versions": [
      {
        "lessThanOrEqual": "4.0.145.0831",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "Windows"
    ],
    "product": "Genian NAC V5.0 & Genian NAC Suite V5.0",
    "vendor": "Genians Co., Ltd",
    "versions": [
      {
        "lessThanOrEqual": "5.0.42.0827",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66580

9.6 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for CVELIST:CVE-2021-26622