GZ-SA-2023-001: Genian ZTNA - Multiple Vulnerabilities

Date

Aug 15, 2023

Serverity

High

Summary

The following vulnerabilities were discovered on the Genie Update Server and measures were taken, and additional security updates were released to enhance product security. Users using the affected version are recommended to update to the latest version.

Plaintext exposure vulnerability (CVE-2023-40251)
Unauthorized Script Execution Vulnerability (CVE-2023-40252)
Improper Authentication Vulnerability (CVE-2023-40253)
Integrity Verification Insufficient Vulnerability (CVE-2023-40254)

Affected Products

Genian ZTNA 6.0.15 or lower

Resolution

The vulnerabilities contained in this advisory can be addressed by upgrading to version listed below:

Genian ZTNA 6.0.16 or later

Workaround

Plaintext exposure vulnerabilities can be temporarily addressed by changing the event port.

Note

To address vulnerabilities, you must upgrade the policy server, network sensor, and agent.