{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-40253","assignerOrgId":"cdd7a122-0fae-4202-8d86-14efbacc2863","state":"PUBLISHED","assignerShortName":"krcert","dateReserved":"2023-08-11T01:54:13.646Z","datePublished":"2023-08-11T05:34:48.443Z","dateUpdated":"2024-10-01T20:45:41.739Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Genian NAC V4.0","vendor":"Genians","versions":[{"changes":[{"at":"V4.0.156","status":"unaffected"}],"lessThanOrEqual":"V4.0.155","status":"affected","version":"V4.0.0","versionType":"custom"}]},{"defaultStatus":"affected","product":"Genian NAC V5.0","vendor":"Genians","versions":[{"changes":[{"at":"V5.0.42 (Revision 117461)","status":"unaffected"}],"lessThanOrEqual":"V5.0.42 (Revision 117460)","status":"affected","version":"V5.0.0","versionType":"custom"}]},{"defaultStatus":"affected","product":"Genian NAC Suite V5.0","vendor":"Genians","versions":[{"changes":[{"at":"V5.0.55","status":"unaffected"}],"lessThanOrEqual":"V5.0.54","status":"affected","version":"V5.0.0","versionType":"custom"}]},{"defaultStatus":"affected","product":"Genian ZTNA","vendor":"Genians","versions":[{"changes":[{"at":"V6.0.16","status":"unaffected"}],"lessThanOrEqual":"V6.0.15","status":"affected","version":"V6.0.0","versionType":"custom"}]}],"datePublic":"2023-07-31T05:16:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.<p>This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.</p>"}],"value":"Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"}],"impacts":[{"capecId":"CAPEC-114","descriptions":[{"lang":"en","value":"CAPEC-114 Authentication Abuse"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":6,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cdd7a122-0fae-4202-8d86-14efbacc2863","shortName":"krcert","dateUpdated":"2023-08-29T01:46:04.743Z"},"references":[{"url":"https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T18:24:55.814Z"},"title":"CVE Program Container","references":[{"url":"https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-01T20:34:17.095243Z","id":"CVE-2023-40253","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-01T20:45:41.739Z"}}]}}