CVE-2023-40254

HIGH

Genians Genian Nac < 4.0.156 - SQL Injection

Title source: rule

Description

Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

References (1)

[Release Notes] https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 12.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-494 CWE-89

Status published

Products (3)

genians/genian_nac 5.0.42 (2 CPE variants)

genians/genian_nac 4.0.0 - 4.0.156

genians/genian_ztna 6.0.0 - 6.0.16

Published Aug 11, 2023

Tracked Since Feb 18, 2026