CVE-2020-1676 - OpenCVE

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Mist Cloud Ui

Configuration 1 [-]

cpe:2.3:a:juniper:mist_cloud_ui:*:*:*:*:*:*:*:*

References

Link	Resource
https://kb.juniper.net/JSA11072	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2020-10-14T00:00:00

Updated: 2020-10-16T20:31:32

Reserved: 2019-11-04T00:00:00

Link: CVE-2020-1676

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-16T21:15:13.473

Modified: 2022-01-01T17:36:11.267

Link: CVE-2020-1676

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "MIST Cloud UI", "vendor": "Juniper Networks", "versions": [{"lessThan": "09/02/2020", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-10-14T00:00:00", "descriptions": [{"lang": "en", "value": "When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-16T20:31:32", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11072"}], "solutions": [{"lang": "en", "value": "Mist Cloud UI has been updated on September 2 2020 to resolve this specific issue."}], "source": {"advisory": "JSA11072", "discovery": "INTERNAL"}, "title": "Juniper Networks Mist Cloud UI: SAML authentication response handling vulnerability.", "workarounds": [{"lang": "en", "value": "No workarounds are required since the issue has been resolved in the Mist cloud UI."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2020-10-14T16:00:00.000Z", "ID": "CVE-2020-1676", "STATE": "PUBLIC", "TITLE": "Juniper Networks Mist Cloud UI: SAML authentication response handling vulnerability."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MIST Cloud UI", "version": {"version_data": [{"version_affected": "<", "version_value": "09/02/2020"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11072", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11072"}]}, "solution": [{"lang": "en", "value": "Mist Cloud UI has been updated on September 2 2020 to resolve this specific issue."}], "source": {"advisory": "JSA11072", "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "No workarounds are required since the issue has been resolved in the Mist cloud UI."}]}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2020-1676", "datePublished": "2020-10-14T00:00:00", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2020-10-16T20:31:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:mist_cloud_ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2A42305-039A-4AAC-8EEC-2D5421C42C8A", "versionEndExcluding": "2020-09-02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020."}, {"lang": "es", "value": "Cuando la autenticaci\u00f3n SAML est\u00e1 habilitada, Juniper Networks Mist Cloud UI puede manejar incorrectamente las respuestas SAML, permitiendo a un atacante remoto modificar una respuesta SAML v\u00e1lida sin invalidar su firma criptogr\u00e1fica para omitir los controles de seguridad de autenticaci\u00f3n SAML. Este problema afecta a todas las versiones de Juniper Networks Mist Cloud UI anteriores al 2 de septiembre de 2020"}], "id": "CVE-2020-1676", "lastModified": "2022-01-01T17:36:11.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2020-10-16T21:15:13.473", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11072"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "sirt@juniper.net", "type": "Secondary"}]}