5.9

CVE-2023-40251

EPSS 0.03%
Veröffentlicht 17.08.2023 07:15:43
Zuletzt bearbeitet 21.11.2024 08:19:03
Quelle vuln@krcert.or.kr
CVE-Watchlists
Login
Unerledigt
Login

Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Genians ≫ Genian Nac SwEdition- Version >= 4.0.0 < 4.0.156

Genians ≫ Genian Nac SwEdition- Version >= 5.0.0 < 5.0.55

Genians ≫ Genian Nac Version5.0.42 Update- SwEditionlts

Genians ≫ Genian Nac Version5.0.42 Updaterevision_117460 SwEditionlts

Genians ≫ Genian Ztna Version >= 6.0.0 < 6.0.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.076

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln@krcert.or.kr	5.2	1.5	3.6	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html

https://nvd.nist.gov/vuln/detail/CVE-2023-40251

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40251

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40251

EUVD