CVE-2023-40251

MEDIUM

Genians Genian Nac < 4.0.156 - Missing Encryption

Title source: rule

Description

Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

References (1)

[Release Notes] https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html

Scores

CVSS v3 5.2

EPSS 0.0003

EPSS Percentile 8.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (3)

genians/genian_nac 5.0.42 (2 CPE variants)

genians/genian_nac 4.0.0 - 4.0.156

genians/genian_ztna 6.0.0 - 6.0.16

Published Aug 17, 2023

Tracked Since Feb 18, 2026