Genian NAC Product Security Update Advisory (CVE-2024-23843)

Nov 06 2024

Overview

An update has been released to address vulnerabilities in Genian NAC Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-23843

Genian NAC V5.0 versions: ~ 5.0.60 (inclusive)

Genian NAC LTS V5.0 versions: 5.0.55 LTS (Revision 125558 or below)
Genian NAC LTS V5.0 versions: 5.0.56 LTS (Revision 125560 or below)

Resolved Vulnerabilities

SQL Injection vulnerability due to lack of validation of user input values when retrieving data from the Genian NAC Management Console (CVE-2024-23843)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-23843

Genian NAC V5.0 version: 5.0.61 or later version

Genian NAC LTS V5.0 version: 5.0.55 LTS (Revision 125559 or later)
Genian NAC LTS V5.0 version: 5.0.56 LTS (Revision 125561 or later)

Referenced Sites

[1] CVE-2024-23843 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-23843

[2] GN-SA-2024-001: Genian NAC – Blind SQL Injection Vulnerability

https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2024-001.html

Genian NAC Product Security Update Advisory (CVE-2024-23843)

Ricoh Product Security Update Advisory (CVE-2024-47939)

ManageEngine (Exchange Reporter Plus, ADManager Plus, and others) Family November 2024 Security Update Advisory

Tags:

Ricoh Product Security Update Advisory (CVE-2024-47939)

ManageEngine (Exchange Reporter Plus, ADManager Plus, and others) Family November 2024 Security Update Advisory