Authentication Bypass in Genua Genugate by Genua
CVE-2021-27215

9.8CRITICAL

Key Information:

Vendor

Genua

Status
Vendor
CVE Published:
3 March 2021

What is CVE-2021-27215?

An authentication bypass vulnerability was identified in multiple versions of Genua Genugate, allowing attackers to bypass login mechanisms on the Web Interfaces, including Admin and Userweb panels. A flaw in the login process permits the system to incorrectly validate login data under specific manipulation scenarios. As a result, attackers may gain unauthorized access to the admin panel, potentially allowing them to log in as any user, including those with elevated privileges such as the root user or even non-existent accounts.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.