CVE-2022-40723
published 2023-04-25

CVE-2022-40723: The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.

Priority: P341 | medium 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.52% (40.0th percentile)

Affected

13 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ping_identity | pingfederate | >= 11.1.0 < 11.1.0* | 11.1.0* |
| ping_identity | pingfederate | 11.1.5 – 11.1.5 | |
| ping_identity | pingfederate | >= 11.2.0 < 11.2.0* | 11.2.0* |
| ping_identity | pingfederate | 11.2.2 – 11.2.2 | |
| ping_identity | pingid_integration_kit | >= 2.24 < 2.24 | 2.24 |
| ping_identity | pingid_radius_pcv | | |
| ping_identity | pingid_radius_pcv | >= 3.0.0 < 3.0.0* | 3.0.0* |
| ping_identity | pingid_radius_pcv | 3.0.2 – 3.0.2 | |
| pingidentity | pingfederate | 11.1.0 – 11.1.5 | |
| pingidentity | pingfederate | 11.2.0 – 11.2.2 | |
| pingidentity | pingid_integration_kit | < 2.24 | 2.24 |
| pingidentity | radius_pcv | | |
| pingidentity | radius_pcv | >= 3.0.0 < 3.0.2 | 3.0.2 |