CVE-2020-1675 — Improper Check for Certificate Revocation in Networks Mist Cloud UI

CWE-299 — Improper Check for Certificate Revocation CWE-295 — Improper Certificate Validation CWE-287 — Improper Authentication4 documents4 sources

Severity

8.3HIGHNVD

EPSS

0.1%

top 74.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Mist Cloud UI Juniper Mist Cloud UI

Timeline

PublishedOct 16

Latest updateMay 24

Description

When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5juniper_networks/mist_cloud_uiunspecified — 09/02/2020

▶NVDjuniper/mist_cloud_ui< 2020-09-02

🔴Vulnerability Details

GHSA

GHSA-fw35-7jfq-3g5m: When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authenticat↗2022-05-24

▶

CVEList

Juniper Networks Mist Cloud UI: SAML authentication certificate vulnerability.↗2020-10-16

▶

📋Vendor Advisories

Juniper

CVE-2020-1675: When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authenticat↗2020-10-16

▶