{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40254", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "state": "PUBLISHED", "assignerShortName": "krcert", "dateReserved": "2023-08-11T01:54:13.646Z", "datePublished": "2023-08-11T06:08:19.709Z", "dateUpdated": "2024-10-10T14:58:22.730Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Genian NAC V4.0", "vendor": "Genians", "versions": [{"changes": [{"at": "V4.0.156", "status": "unaffected"}], "lessThanOrEqual": "V4.0.155", "status": "affected", "version": "V4.0.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Genian NAC V5.0", "vendor": "Genians", "versions": [{"changes": [{"at": "V5.0.42 (Revision 117461)", "status": "unaffected"}], "lessThanOrEqual": "V5.0.42 (Revision 117460)", "status": "affected", "version": "V5.0.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Genian NAC Suite V5.0", "vendor": "Genians", "versions": [{"changes": [{"at": "V5.0.55", "status": "unaffected"}], "lessThanOrEqual": "V5.0.54", "status": "affected", "version": "V5.0.0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Genian ZTNA", "vendor": "Genians", "versions": [{"changes": [{"at": "V6.0.16", "status": "unaffected"}], "lessThanOrEqual": "V6.0.15", "status": "affected", "version": "V6.0.0", "versionType": "custom"}]}], "datePublic": "2023-07-31T05:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.<p>This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.</p>"}], "value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"}], "impacts": [{"capecId": "CAPEC-186", "descriptions": [{"lang": "en", "value": "CAPEC-186 Malicious Software Update"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2023-10-26T05:26:24.058Z"}, "references": [{"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:55.811Z"}, "title": "CVE Program Container", "references": [{"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "genians", "product": "genian_nac", "cpes": ["cpe:2.3:a:genians:genian_nac:4.0.0:*:*:*:-:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.0.0", "status": "affected", "lessThanOrEqual": "4.0.155", "versionType": "custom"}, {"version": "5.0.0", "status": "affected", "lessThanOrEqual": "5.0.42", "versionType": "custom"}, {"version": "5.0.0", "status": "affected", "lessThanOrEqual": "5.0.54", "versionType": "custom"}, {"version": "6.0.0", "status": "affected", "lessThanOrEqual": "6.0.15", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T14:54:36.654999Z", "id": "CVE-2023-40254", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T14:58:22.730Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:55.811Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40254", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-10T14:54:36.654999Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:genians:genian_nac:4.0.0:*:*:*:-:*:*:*"], "vendor": "genians", "product": "genian_nac", "versions": [{"status": "affected", "version": "4.0.0", "versionType": "custom", "lessThanOrEqual": "4.0.155"}, {"status": "affected", "version": "5.0.0", "versionType": "custom", "lessThanOrEqual": "5.0.42"}, {"status": "affected", "version": "5.0.0", "versionType": "custom", "lessThanOrEqual": "5.0.54"}, {"status": "affected", "version": "6.0.0", "versionType": "custom", "lessThanOrEqual": "6.0.15"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T14:58:13.492Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-186", "descriptions": [{"lang": "en", "value": "CAPEC-186 Malicious Software Update"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Genians", "product": "Genian NAC V4.0", "versions": [{"status": "affected", "changes": [{"at": "V4.0.156", "status": "unaffected"}], "version": "V4.0.0", "versionType": "custom", "lessThanOrEqual": "V4.0.155"}], "defaultStatus": "affected"}, {"vendor": "Genians", "product": "Genian NAC V5.0", "versions": [{"status": "affected", "changes": [{"at": "V5.0.42 (Revision 117461)", "status": "unaffected"}], "version": "V5.0.0", "versionType": "custom", "lessThanOrEqual": "V5.0.42 (Revision 117460)"}], "defaultStatus": "affected"}, {"vendor": "Genians", "product": "Genian NAC Suite V5.0", "versions": [{"status": "affected", "changes": [{"at": "V5.0.55", "status": "unaffected"}], "version": "V5.0.0", "versionType": "custom", "lessThanOrEqual": "V5.0.54"}], "defaultStatus": "affected"}, {"vendor": "Genians", "product": "Genian ZTNA", "versions": [{"status": "affected", "changes": [{"at": "V6.0.16", "status": "unaffected"}], "version": "V6.0.0", "versionType": "custom", "lessThanOrEqual": "V6.0.15"}], "defaultStatus": "affected"}], "datePublic": "2023-07-31T05:16:00.000Z", "references": [{"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n", "supportingMedia": [{"type": "text/html", "value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.<p>This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert", "dateUpdated": "2023-10-26T05:26:24.058Z"}}}, "cveMetadata": {"cveId": "CVE-2023-40254", "state": "PUBLISHED", "dateUpdated": "2024-10-10T14:58:22.730Z", "dateReserved": "2023-08-11T01:54:13.646Z", "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "datePublished": "2023-08-11T06:08:19.709Z", "assignerShortName": "krcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*", "matchCriteriaId": "BE039840-D93C-49CA-BB6A-B70771196C1B", "versionEndExcluding": "4.0.156", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*", "matchCriteriaId": "04EF7B43-ADE3-474E-8E9F-7B2AD27FAB0C", "versionEndExcluding": "5.0.55", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*", "matchCriteriaId": "E514BF16-6FE5-4029-BBFB-87A487C5BC07", "vulnerable": true}, {"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*", "matchCriteriaId": "0A8D2C71-F0A1-41D4-9A84-EAE0CBC39B22", "vulnerable": true}, {"criteria": "cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*", "matchCriteriaId": "A36D6C47-C07E-41F3-9051-47CE254B01D0", "versionEndExcluding": "6.0.16", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de descarga de c\u00f3digo sin comprobaci\u00f3n de integridad en Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA permite la actualizaci\u00f3n de software malicioso. Este problema afecta a \nGenian NAC V4.0: de V4.0.0 a V4.0.155; \nGenian NAC V5.0: de V5.0.0 a V5.0.42 (Revisi\u00f3n 117460); \nGenian NAC Suite V5.0: de V5.0.0 a V5.0.54; \nGenian ZTNA: de V6.0.0 a V6.0.15.\n"}], "id": "CVE-2023-40254", "lastModified": "2024-11-21T08:19:04.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "vuln@krcert.or.kr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-11T07:15:09.423", "references": [{"source": "vuln@krcert.or.kr", "url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-494"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}