CVE-2021-26622 — CRITICAL (9.6)

Q: How severe is CVE-2021-26622?

CVE-2021-26622 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-26622?

Check the references section above for vendor advisories and patch information. Affected products include: Genians Genian Nac, Microsoft Windows.

Vulnerability Description

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Genians	Genian Nac	>= 4.0, <= 4.0.145.0831
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-20 CWE-94

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66580Broken LinkThird Party Advisory
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66580Broken LinkThird Party Advisory

FAQ

What is CVE-2021-26622?

CVE-2021-26622 is a vulnerability with a CVSS score of 9.6 (CRITICAL). An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious ...

How severe is CVE-2021-26622?

CVE-2021-26622 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-26622?

Check the references section above for vendor advisories and patch information. Affected products include: Genians Genian Nac, Microsoft Windows.