GSD-2022-23719
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-23719",
"description": "PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.",
"id": "GSD-2022-23719"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-23719"
],
"details": "PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.",
"id": "GSD-2022-23719",
"modified": "2023-12-13T01:19:34.948232Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"ID": "CVE-2022-23719",
"STATE": "PUBLIC",
"TITLE": "PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PingID Windows Login",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_value": "2.8"
}
]
}
}
]
},
"vendor_name": "Ping Identity"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ping Identity credits The Commonwealth Bank of Australia for the discovery of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310 Cryptographic Issues"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pingidentity.com/en/resources/downloads/pingid.html",
"refsource": "MISC",
"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
},
{
"name": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html",
"refsource": "MISC",
"url": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html"
}
]
},
"source": {
"advisory": "SECADV031",
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"ID": "CVE-2022-23719"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html"
},
{
"name": "https://www.pingidentity.com/en/resources/downloads/pingid.html",
"refsource": "MISC",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-07-03T20:34Z",
"publishedDate": "2022-06-30T20:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…