Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39231", "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "state": "PUBLISHED", "assignerShortName": "Ping Identity", "dateReserved": "2023-07-25T20:13:14.885Z", "datePublished": "2023-10-24T19:56:06.690Z", "dateUpdated": "2024-09-11T17:39:35.873Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "PingOne MFA Integration Kit", "vendor": "Ping Identity", "versions": [{"lessThan": "2.2.1", "status": "affected", "version": "2.2", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials."}], "value": "PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "shortName": "Ping Identity", "dateUpdated": "2023-10-24T19:56:06.690Z"}, "references": [{"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html"}, {"url": "https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394"}], "source": {"advisory": "SECADV038", "defect": ["P14C-53455"], "discovery": "INTERNAL"}, "title": "PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.576Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.pingidentity.com/en/resources/downloads/pingid.html", "tags": ["x_transferred"]}, {"url": "https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "pingidentity", "product": "pingone_mfa_integration_kit", "cpes": ["cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.2", "status": "affected", "lessThan": "2.2.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T17:38:51.426464Z", "id": "CVE-2023-39231", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:39:35.873Z"}}]}} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat