CVE-2024-20355

{"id": "CVE-2024-20355", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.1}]}, "published": "2024-05-22T17:16:13.477", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-bypass-KkNvXyKW", "source": "ykramarz@cisco.com"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-bypass-KkNvXyKW", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affected device. This vulnerability is due to improper separation of authorization domains when using SAML authentication. An attacker could exploit this vulnerability by using valid credentials to successfully authenticate using their designated connection profile (tunnel group), intercepting the SAML SSO token that is sent back from the Cisco ASA device, and then submitting the same SAML SSO token to a different tunnel group for authentication. A successful exploit could allow the attacker to establish a remote access VPN session using a connection profile that they are not authorized to use and connect to secured networks behind the affected device that they are not authorized to access. For successful exploitation, the attacker must have valid remote access VPN user credentials."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n del inicio de sesi\u00f3n \u00fanico (SSO) de SAML 2.0 para servicios VPN de acceso remoto en el software Cisco Adaptive Security Appliance (ASA) y el software Cisco Firepower Threat Defense (FTD) podr\u00eda permitir que un atacante remoto autenticado establezca con \u00e9xito una VPN. sesi\u00f3n en un dispositivo afectado. Esta vulnerabilidad se debe a una separaci\u00f3n inadecuada de los dominios de autorizaci\u00f3n cuando se utiliza la autenticaci\u00f3n SAML. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando credenciales v\u00e1lidas para autenticarse exitosamente usando su perfil de conexi\u00f3n designado (grupo de t\u00faneles), interceptando el token SAML SSO que se env\u00eda desde el dispositivo Cisco ASA y luego enviando el mismo token SAML SSO a un t\u00fanel diferente. grupo para la autenticaci\u00f3n. Un exploit exitoso podr\u00eda permitir al atacante establecer una sesi\u00f3n VPN de acceso remoto utilizando un perfil de conexi\u00f3n que no est\u00e1 autorizado a usar y conectarse a redes seguras detr\u00e1s del dispositivo afectado a las que no est\u00e1 autorizado a acceder. Para una explotaci\u00f3n exitosa, el atacante debe tener credenciales de usuario de VPN de acceso remoto v\u00e1lidas."}], "lastModified": "2024-11-21T08:52:26.693", "sourceIdentifier": "ykramarz@cisco.com"}