Configuration-based MFA Bypass in PingID RADIUS PCV.
CVE-2022-40723

6.5MEDIUM

What is CVE-2022-40723?

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.

Affected Version(s)

PingFederate (includes Radius PCV) 11.1.0 < 11.1.0*

PingFederate (includes Radius PCV) 11.1.5

PingFederate (includes Radius PCV) 11.2.0 < 11.2.0*

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.