History: Jun 30, 2022 - 7:25 p.m.

CVE-2022-23718 PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution

2022-06-30 19:25:30
CWE-1352
Ping Identity
www.cve.org
pingid, windows login, vulnerability, remote code execution

CVSS3: 7.6

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score: 8.5
Confidence: High

EPSS: 0.003
Percentile: 71.3%

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "PingID Windows Login",
    "vendor": "Ping Identity",
    "versions": [
      {
        "lessThan": "2.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
