GZ-SA-2024-001: Genian NAC 6.0 - Blind SQL Injection Vulnerability
Date
April 26, 2024
CVSS score
2.2
Impact
Low
Details
We discovered an issue in the node search function of the Genian NAC management console: input values for search conditions are insufficiently validated, which could allow Blind SQL Injection attacks. We have addressed the issue and announced a security update to enhance product security.
Users running an affected version are advised to update to the latest version.
Genian NAC 6.0 SQL Injection (CVE-2024-23843)
Affected versions
Genian NAC 6.0.20 and below
Genian NAC 6.0.16 LTS (Revision 125554 or earlier)
Resolution
The vulnerabilities included in this advisory can be addressed by updating to one of the versions below.
Genian NAC 6.0.21 or later
Genian NAC 6.0.16 LTS (Revision 12555 or later)
Workarounds
None