GN-SA-2021-002: Genian NAC - Multiple Vulnerabilities
Date
- Nov 5, 2021
Severity
- High
Summary
Genians has released updates that address multiple security vulnerabilities, including the two critical vulnerabilities listed below as well as several other vulnerabilities.
- A command injection vulnerability in a specific API called by a network sensor allows obtaining a shell on the system.
- When a user authenticated to the node changes their password in the agent, a vulnerability allows the password of a user other than the authenticated user to be changed.
- A few minor vulnerabilities.
Affected Products
- Genian NAC v5.0.41 or lower
- Genian NAC v5.0.42 (LTS) revision 100181 or lower
- Genian NAC v4.0.145 or lower
Affected Components
- Policy Server
- Network Sensor
- Agent (Windows / macOS)
Resolution
The vulnerabilities described in this advisory can be addressed by upgrading to one of the versions listed below:
- Genian NAC v5.0.42 (LTS) revision 100182 or higher
- Genian NAC v5.0.43 or higher
- Genian NAC v4.0.146
Workaround
- None