Vulnerability Description
Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can potentially be exploited to achieve remote code execution on the authenticating endpoint.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pingidentity | Pingid Ssh Integration | < 4.0.14 |
Related Weaknesses (CWE)
References
- https://docs.pingidentity.com/bundle/pingid/page/hmc1587998527490.html (Vendor Advisory)
- https://docs.pingidentity.com/bundle/pingid/page/okt1564020467088.html (Vendor Advisory)
- https://www.pingidentity.com/ (Product)
- https://www.pingidentity.com/en/cloud/pingid.html (Product)
FAQ
What is CVE-2020-10654?
CVE-2020-10654 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can potentially be exploited to achieve remote code execution on the authenticating...
How severe is CVE-2020-10654?
CVE-2020-10654 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-10654?
Check the references section above for vendor advisories and patch information. Affected products include: Pingidentity Pingid Ssh Integration.