CVE-2022-23718

EUVD-2022-28654
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.6 HIGH | NETWORK | HIGH | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
| Ping Identity | CNA | 7.6 HIGH | NETWORK | HIGH | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
EPSS Score percentile: 76%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| pingidentity | pingid_integration_for_windows_login | 𝑥 < 2.8 |

𝑥 = Vulnerable software versions
Common Weakness Enumeration