CVE-2021-26622

Summary

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Genians Co., LtdGenian NAC Suite V4.0unspecified <= 4.0.145.0831affected
Genians Co., LtdGenian NAC V5.0 & Genian NAC Suite V5.0unspecified <= 5.0.42.0827affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References