CVE-2020-10654

{"id": "CVE-2020-10654", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-05-13T13:15:14.110", "references": [{"url": "https://docs.pingidentity.com/bundle/pingid/page/hmc1587998527490.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.pingidentity.com/bundle/pingid/page/okt1564020467088.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.pingidentity.com/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.pingidentity.com/en/cloud/pingid.html", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint."}, {"lang": "es", "value": "Ping Identity PingID SSH versiones anteriores a 4.0.14, contiene un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en los servidores inscritos en PingID. Esta condici\u00f3n puede ser explotada potencialmente en un vector de Ejecuci\u00f3n de C\u00f3digo Remota en el endpoint de autenticaci\u00f3n."}], "lastModified": "2020-05-15T18:49:24.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pingidentity:pingid_ssh_integration:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23E8201B-A95C-4984-BB39-96192DC78A99", "versionEndExcluding": "4.0.14"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}