Overview
- Description
- An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.
- Source
- vuln@krcert.or.kr
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18531798-C40C-4B87-857B-C5A9DA7BDC2F",
"versionEndIncluding": "4.0.145.0831",
"versionStartIncluding": "4.0"
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84369AB6-D67D-44C7-A302-AA2625E38949",
"versionEndIncluding": "5.0.42.0827",
"versionStartIncluding": "5.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]