Описание
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.
Ссылки
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.0 (включая) до 4.0.145.0831 (включая)Версия от 5.0 (включая) до 5.0.42.0827 (включая)
Одновременно
Одно из
cpe:2.3:a:genians:genian_nac:*:*:*:*:*:*:*:*
cpe:2.3:a:genians:genian_nac:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02273
Низкий
9.6 Critical
CVSS3
10 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-20
CWE-94
Связанные уязвимости
CVSS3: 10
github
почти 4 года назад
An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.
EPSS
Процентиль: 84%
0.02273
Низкий
9.6 Critical
CVSS3
10 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-20
CWE-94