CVE-2021-26622
Genian NAC remote code execution vulnerability
Severity Score: 10.0 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.
*Credits:
N/A
Timeline
- 2021-02-03 CVE Reserved
- 2022-03-25 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-29 EPSS Updated
CWE
- CWE-20: Improper Input Validation
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (1)
URL | Tag | Source |
---|---|---|
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66580 | Broken Link |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Genians | Genian Nac | >= 4.0 <= 4.0.145.0831 | - | Affected |
in Microsoft | Windows | - | - | Safe |
Genians | Genian Nac | >= 5.0 <= 5.0.42.0827 | - | Affected |
in Microsoft | Windows | - | - | Safe |