CVE-2022-23719

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.

CVSS v3 6.4 MEDIUM
CVSS v2.0 6.9 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html	Release Notes Vendor Advisory
https://www.pingidentity.com/en/resources/downloads/pingid.html	Product Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*

History

03 Jul 2023, 20:34

Type	Values Removed	Values Added
CWE	~~CWE-287~~	CWE-306

Information

Published : 2022-06-30 20:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-23719

Mitre link : CVE-2022-23719

CVE.ORG link : CVE-2022-23719

JSON object : View

Products Affected

pingidentity

pingid_integration_for_windows_login

CWE

CWE-306

Missing Authentication for Critical Function

CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-310

Cryptographic Issues

{"id": "CVE-2022-23719", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}, {"type": "Secondary", "source": "responsible-disclosure@pingidentity.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.6}]}, "published": "2022-06-30T20:15:08.310", "references": [{"url": "https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "responsible-disclosure@pingidentity.com"}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html", "tags": ["Product", "Vendor Advisory"], "source": "responsible-disclosure@pingidentity.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "responsible-disclosure@pingidentity.com", "description": [{"lang": "en", "value": "CWE-288"}, {"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication."}, {"lang": "es", "value": "PingID Windows Login versiones anteriores a 2.8, no autentica la comunicaci\u00f3n con un servicio local de Java usado para capturar peticiones de claves de seguridad. Un atacante con la capacidad de ejecutar c\u00f3digo en la m\u00e1quina objetivo puede ser capaz de explotar y falsificar el servicio local de Java usando m\u00faltiples vectores de ataque. Un ataque con \u00e9xito puede conllevar a una ejecuci\u00f3n de c\u00f3digo como SYSTEM por parte de la aplicaci\u00f3n PingID Windows Login, o incluso una denegaci\u00f3n de servicio para la autenticaci\u00f3n de la clave de seguridad fuera de l\u00ednea"}], "lastModified": "2023-07-03T20:34:16.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D631B535-D41D-4179-8E1B-CCAC61DC5236", "versionEndExcluding": "2.8"}], "operator": "OR"}]}], "sourceIdentifier": "responsible-disclosure@pingidentity.com"}