Impact
The Genucenter web interface prior to version 8.0p11 returns SNMP authentication and encryption keys in HTTP responses to users who hold the Service or Admin roles. This flaw exposes sensitive credential material, enabling those users to decrypt SNMP traffic or to impersonate SNMP agents, potentially leading to unauthorized access to network devices and the compromise of network infrastructure. The weakness is a clear information disclosure, classified as CWE-201.
Affected Systems
All installations of genua Genucenter running a version older than 8.0p11 are affected. The vulnerability applies to the web interface accessed by users assigned the Service or Admin role; no detail is provided about specific sub‑products or configuration differences.
Risk and Exploitability
With a CVSS score of 4.3, the vulnerability is moderately severe. The EPSS score is not available and the issue is not listed in the CISA KEV catalog, indicating that it has not yet been widely exploited. Exploitation requires valid user credentials that grant Service or Admin level access to the web interface, so this is an insider or compromised-credential scenario rather than a generic external attack. The risk is therefore moderate to low for an organization that limits or monitors such privileged accounts, but it becomes higher for environments where those roles are broadly available.