Vulnerability Description
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pingidentity | Pingfederate | >= 11.1.0, <= 11.1.5 |
| Pingidentity | Pingid Integration Kit | < 2.24 |
| Pingidentity | Radius Pcv | >= 3.0.0, < 3.0.2 |
Related Weaknesses (CWE)
References
- https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rnRelease Notes
- https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rnRelease Notes
FAQ
What is CVE-2022-40723?
CVE-2022-40723 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
How severe is CVE-2022-40723?
CVE-2022-40723 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40723?
Check the references section above for vendor advisories and patch information. Affected products include: Pingidentity Pingfederate, Pingidentity Pingid Integration Kit, Pingidentity Radius Pcv.