CVE-2022-40723

EPSS 0.52%
Veröffentlicht 25.04.2023 19:15:10
Zuletzt bearbeitet 21.11.2024 07:21:56
Quelle responsible-disclosure@pingide
CVE-Watchlists
Login
Unerledigt
Login

Configuration-based MFA Bypass in PingID RADIUS PCV.

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 5 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pingidentity ≫ Pingfederate Version >= 11.1.0 <= 11.1.5

Pingidentity ≫ Pingfederate Version >= 11.2.0 <= 11.2.2

Pingidentity ≫ Pingid Integration Kit Version < 2.24

Pingidentity ≫ Radius Pcv Version >= 3.0.0 < 3.0.2

Pingidentity ≫ Radius Pcv Version2.10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.398

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
responsible-disclosure@pingidentity.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rn

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2022-40723

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-40723

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-40723

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-40723