CVE-2021-26622
Genian NAC remote code execution vulnerability
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.6EPSS 2.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
25 mar 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
Genians Co., Ltd · Genian NAC Suite V4.0Genians Co., Ltd · Genian NAC V5.0 & Genian NAC Suite V5.0¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →