GZ-SA-2023-001: Genian NAC - Multiple Vulnerabilities
Date
- Aug 15, 2023
Severity
- High
Summary
The following vulnerabilities related to the Genian Update server(s) were identified:
- Missing Encryption of Sensitive Data vulnerability (CVE-2023-40251)
- Improper Control of Generation of Code (Code Injection) vulnerability (CVE-2023-40252)
- Improper Authentication vulnerability (CVE-2023-40253)
- Download of Code Without Integrity Check vulnerability (CVE-2023-40254)
Note
Server-side actions were taken to mitigate threats; however, customers running the version(s) mentioned below are advised to update to the fixed version(s) as soon as possible. Not updating may leave customers vulnerable and may prevent customer policy servers from obtaining the latest updates from the Genian Update server infrastructure.
Affected Products
- Genian NAC 5.0.42 LTS (Revision 117460 or lower)
- Genian NAC 5.0.54 or lower
- Genian ZTNA 6.0.15 or lower
Affected Components
- Policy Server
- Network Sensor
- Agent
Resolution
The vulnerabilities contained in this advisory can be addressed by upgrading to one of the versions listed below:
- Genian NAC 5.0.42 LTS (Revision 117461 or higher)
- Genian NAC 5.0.55 or higher
- Genian ZTNA 6.0.16 or higher
Workaround
- None