CVE-2020-1675 - OpenCVE

When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Mist Cloud Ui

Configuration 1 [-]

cpe:2.3:a:juniper:mist_cloud_ui:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.juniper.net/JSA11072

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2020-10-16T20:31:32.283802Z

Updated: 2024-09-16T22:01:32.790Z

Reserved: 2019-11-04T00:00:00

Link: CVE-2020-1675

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-10-16T21:15:13.397

Modified: 2022-01-01T17:35:55.670

Link: CVE-2020-1675

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "MIST Cloud UI", "vendor": "Juniper Networks", "versions": [{"lessThan": "09/02/2020", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-10-14T00:00:00", "descriptions": [{"lang": "en", "value": "When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-299", "description": "CWE-299 Improper Check for Certificate Revocation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-16T20:31:32", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11072"}], "solutions": [{"lang": "en", "value": "Mist Cloud UI has been updated on September 2 2020 to resolve this specific issue."}], "source": {"advisory": "JSA11072", "discovery": "INTERNAL"}, "title": "Juniper Networks Mist Cloud UI: SAML authentication certificate vulnerability.", "workarounds": [{"lang": "en", "value": "No workarounds are required since the issue has been resolved in the Mist cloud UI."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-10-14T16:00:00.000Z", "ID": "CVE-2020-1675", "STATE": "PUBLIC", "TITLE": "Juniper Networks Mist Cloud UI: SAML authentication certificate vulnerability."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MIST Cloud UI", "version": {"version_data": [{"version_affected": "<", "version_value": "09/02/2020"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-299 Improper Check for Certificate Revocation"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11072", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11072"}]}, "solution": [{"lang": "en", "value": "Mist Cloud UI has been updated on September 2 2020 to resolve this specific issue."}], "source": {"advisory": "JSA11072", "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "No workarounds are required since the issue has been resolved in the Mist cloud UI."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:46:30.238Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA11072"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2020-1675", "datePublished": "2020-10-16T20:31:32.283802Z", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-09-16T22:01:32.790Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:mist_cloud_ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2A42305-039A-4AAC-8EEC-2D5421C42C8A", "versionEndExcluding": "2020-09-02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020."}, {"lang": "es", "value": "Cuando la autenticaci\u00f3n de Security Assertion Markup Language (SAML) est\u00e1 habilitada, Juniper Networks Mist Cloud UI puede procesar incorrectamente los certificados de autenticaci\u00f3n no v\u00e1lidos, lo que podr\u00eda permitir a un usuario malicioso de la red acceder a datos no autorizados. Este problema afecta a todas las versiones de Juniper Networks Mist Cloud UI anteriores al 2 de septiembre de 2020"}], "id": "CVE-2020-1675", "lastModified": "2022-01-01T17:35:55.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2020-10-16T21:15:13.397", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11072"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-299"}], "source": "sirt@juniper.net", "type": "Secondary"}]}