CVE-2021-27215
Published 2021-03-03
Priority: P262, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.35% (81.6th percentile)
An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to log in to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| genua | genugate | <= 9.0 | — |
| genua | genugate | — | — |
| genua | genugate | — | — |
| genua | genugate | — | — |
| genua | genugate | 10.0 – 10.1 | — |
CVSS provenance
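| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |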
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://kunde.genua.de/en/overview/genugate.html
- https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/
- https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate