History: Oct 25, 2023 - 6:17 p.m.

CVE-2023-39930

2023-10-25 18:17:29
CWE-306
CWE-288
web.nvd.nist.gov
11
cve-2023-39930
pingfederate
pingid
radius
pcv
authentication bypass
mschap
radius client request
vulnerability
nvd

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.3 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 39.3%)

A first-factor authentication bypass vulnerability exists in PingFederate with PingID Radius PCV when an MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.

Affected configurations

NVD
Node
pingidentity pingid_radius_pcv Range 3.0.0 - 3.0.3

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PingID Radius PCV",
    "vendor": "Ping Identity",
    "versions": [
      {
        "lessThan": "3.0.3",
        "status": "affected",
        "version": "3.0",
        "versionType": "custom"
      }
    ]
  }
]
