CVE-2020-1677
Severity
7.2 HIGH
EPSS
0.2%
top 60.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 16
Latest update: May 24
Description
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.7
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-wx4h-wgr2-66h2: When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attac (2022-05-24)
CVEList
Juniper Networks Mist Cloud UI: SAML authentication attribute elements handling vulnerability. (2020-10-16)
Vendor Advisories (1)
Juniper
CVE-2020-1677: When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attac (2020-10-16)