GN-SA-2021-002: Genian NAC - Multiple Vulnerabilities
=====================================================

Date
----
- Nov 5, 2021

Severity
--------
- High

Summary
-------

Genians has released updates that address multiple security vulnerabilities, including the two critical vulnerabilities listed below, as well as several other vulnerabilities.

- A command injection vulnerability in a specific API called by the network sensor, which can be used to obtain a shell on the system.
- When a user authenticated to the node changes their password in the agent, a vulnerability allows the password of a user other than the authenticated user to be changed.
- A few minor vulnerabilities.

Affected Products
-----------------
- Genian NAC v5.0.41 or lower
- Genian NAC v5.0.42 (LTS) revision 100181 or lower
- Genian NAC v4.0.145 or lower

Affected Components
-------------------
- Policy Server
- Network Sensor
- Agent (Windows / macOS)

Resolution
----------
The vulnerabilities described in this advisory can be addressed by upgrading to one of the versions listed below:

- `Genian NAC v5.0.42 (LTS)`_ revision 100182 or higher
- `Genian NAC v5.0.43`_ or higher
- Genian NAC v4.0.146

.. _Genian NAC v5.0.42 (LTS): ../releasenotes/genian-nac-5.0.42.html
.. _Genian NAC v5.0.43: ../releasenotes/genian-nac-5.0.43.html

Workaround
----------
- None