CVE-2020-1676

CWE-20 — Improper Input Validation CWE-755 — Improper Exception Handling4 documents4 sources

Severity

7.2HIGH

EPSS

0.6%

top 30.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Mist Cloud UI Juniper Mist Cloud UI

Timeline

PublishedOct 16

Latest updateMay 24

Description

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5juniper_networks/mist_cloud_uiunspecified — 09/02/2020

▶NVDjuniper/mist_cloud_ui< 2020-09-02

🔴Vulnerability Details

GHSA

GHSA-4fg4-5r24-wpff: When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a va↗2022-05-24

▶

CVEList

Juniper Networks Mist Cloud UI: SAML authentication response handling vulnerability.↗2020-10-16

▶

📋Vendor Advisories

Juniper

CVE-2020-1676: When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a va↗2020-10-16

▶