CVE-2020-1677
16.10.2020, 21:15
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.Enginsight
| Vendor | Product | Version |
|---|---|---|
| juniper | mist_cloud_ui | 𝑥 < 2020-09-02 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-345 - Insufficient Verification of Data AuthenticityThe software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.