GN-SA-2021-002: Genian NAC - Multiple Vulnerabilities

Date

  • Nov 5, 2021

Severity

  • High

Summary

Genians has released updates that address multiple security vulnerabilities, including the two critical vulnerabilities listed below and several other vulnerabilities.

  • A command injection vulnerability in a specific API called by a network sensor, which can be used to obtain a shell of the system.
  • A vulnerability in the agent's password change for a user authenticated to the node, which allows changing the password of a user other than the authenticated user.
  • A few minor vulnerabilities.

Affected Products

  • Genian NAC v5.0.41 or earlier
  • Genian NAC v5.0.42 (LTS) revision 100181 or earlier
  • Genian NAC v4.0.145 or earlier

Affected Components

  • Policy Server
  • Network Sensor
  • Agent (Windows / macOS)

Resolution

The vulnerabilities described in this advisory can be addressed by upgrading to the version listed below:

Workaround

  • None