CVE-2021-26622
CRITICAL
Genian NAC 4.0-4.0.145.0831 - Remote Code Execution via SSTI and File Name Parameter
Title source: llm
Description
A remote code execution vulnerability caused by server-side template injection (SSTI) and insufficient validation of a file name parameter was discovered in Genian NAC. Through this vulnerability, remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all nodes connected to the NAC.
References (1)
Core References
Broken Link, Third Party Advisory x_refsource_misc
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66580
Scores
CVSS v3
9.6
EPSS
0.0285
EPSS Percentile
85.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-94
Status
published
Products (1)
genians/genian_nac
4.0 - 4.0.145.0831
Published
Mar 25, 2022
Tracked Since
Feb 18, 2026