Vulnerability-Lookup

CVE-2018-7340 (GCVE-0-2018-7340)

Vulnerability from cvelistv5 – Published: 2019-04-17 14:01 – Updated: 2024-08-05 06:24

Title

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Summary

Severity ?

7.7 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-287 - Improper Authentication

Assigner

duo

References

URL

Tags

	https://duo.com/blog/duo-finds-saml-vulnerabiliti…	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/475445	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Duo Security	Duo Network Gateway	Affected: unspecified , < 1.2.9 (custom)

Credits

Kelby Ludwig of Duo Security

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/475445"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Duo Network Gateway",
          "vendor": "Duo Security",
          "versions": [
            {
              "lessThan": "1.2.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kelby Ludwig of Duo Security"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-17T14:01:03",
        "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
        "shortName": "duo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kb.cert.org/vuls/id/475445"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@duo.com",
          "ID": "CVE-2018-7340",
          "STATE": "PUBLIC",
          "TITLE": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Duo Network Gateway",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "1.2.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Duo Security"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Kelby Ludwig of Duo Security"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
              "refsource": "MISC",
              "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/475445",
              "refsource": "MISC",
              "url": "https://www.kb.cert.org/vuls/id/475445"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
    "assignerShortName": "duo",
    "cveId": "CVE-2018-7340",
    "datePublished": "2019-04-17T14:01:03",
    "dateReserved": "2018-02-22T00:00:00",
    "dateUpdated": "2024-08-05T06:24:11.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:duo_network_gateway:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.9\", \"matchCriteriaId\": \"E0587F16-266D-4651-81CE-587705A53C3A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.\"}, {\"lang\": \"es\", \"value\": \"Duo Network Gateway versi\\u00f3n 1.2.9 y anteriores pueden utilizar incorrectamente los resultados de las API de transversalidad y canonicalizaci\\u00f3n de DOM de XML de tal manera que un atacante pueda manipular los datos SAML sin invalidar la firma criptogr\\u00e1fica, lo que permite que el ataque omita la identificaci\\u00f3n a los proveedores de servicio de SAML.\"}]",
      "id": "CVE-2018-7340",
      "lastModified": "2024-11-21T04:12:03.410",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"security@duo.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-04-17T15:29:00.640",
      "references": "[{\"url\": \"https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations\", \"source\": \"security@duo.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/475445\", \"source\": \"security@duo.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/475445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "security@duo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@duo.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-347\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7340\",\"sourceIdentifier\":\"security@duo.com\",\"published\":\"2019-04-17T15:29:00.640\",\"lastModified\":\"2024-11-21T04:12:03.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.\"},{\"lang\":\"es\",\"value\":\"Duo Network Gateway versi\u00f3n 1.2.9 y anteriores pueden utilizar incorrectamente los resultados de las API de transversalidad y canonicalizaci\u00f3n de DOM de XML de tal manera que un atacante pueda manipular los datos SAML sin invalidar la firma criptogr\u00e1fica, lo que permite que el ataque omita la identificaci\u00f3n a los proveedores de servicio de SAML.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security@duo.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@duo.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:duo_network_gateway:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.9\",\"matchCriteriaId\":\"E0587F16-266D-4651-81CE-587705A53C3A\"}]}]}],\"references\":[{\"url\":\"https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations\",\"source\":\"security@duo.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/475445\",\"source\":\"security@duo.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/475445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

FKIE_CVE-2018-7340

Vulnerability from fkie_nvd - Published: 2019-04-17 15:29 - Updated: 2024-11-21 04:12

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security@duo.com	https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations	Exploit, Vendor Advisory
security@duo.com	https://www.kb.cert.org/vuls/id/475445	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/475445	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	cisco	duo_network_gateway	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:duo_network_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0587F16-266D-4651-81CE-587705A53C3A",
              "versionEndIncluding": "1.2.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
    },
    {
      "lang": "es",
      "value": "Duo Network Gateway versi\u00f3n 1.2.9 y anteriores pueden utilizar incorrectamente los resultados de las API de transversalidad y canonicalizaci\u00f3n de DOM de XML de tal manera que un atacante pueda manipular los datos SAML sin invalidar la firma criptogr\u00e1fica, lo que permite que el ataque omita la identificaci\u00f3n a los proveedores de servicio de SAML."
    }
  ],
  "id": "CVE-2018-7340",
  "lastModified": "2024-11-21T04:12:03.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "security@duo.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-17T15:29:00.640",
  "references": [
    {
      "source": "security@duo.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
    },
    {
      "source": "security@duo.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/475445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/475445"
    }
  ],
  "sourceIdentifier": "security@duo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security@duo.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-39GM-MMXQ-4X9R

Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2022-05-13 01:15

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-7340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-17T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",
  "id": "GHSA-39gm-mmxq-4x9r",
  "modified": "2022-05-13T01:15:03Z",
  "published": "2022-05-13T01:15:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7340"
    },
    {
      "type": "WEB",
      "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/475445"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201904-1492

Vulnerability from variot - Updated: 2023-12-18 12:50

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Duo Network Gateway Contains an authentication vulnerability.Information may be tampered with. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Duo Network Gateway (DNG) is an access control software developed by Duo Corporation in the United States for accessing internal web applications. An authentication bypass vulnerability exists in versions prior to DNG 1.2.10

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1492",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "duo network gateway",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "cisco",
        "version": "1.2.9"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "clever",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "duo security",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "omniauth",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "onelogin",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pulse secure",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "shibboleth consortium",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wizkunde b v",
        "version": null
      },
      {
        "model": "network gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "duo",
        "version": "1.2.6"
      },
      {
        "model": "network gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "duo",
        "version": "1.2.5"
      },
      {
        "model": "network gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "duo",
        "version": "1.2.4"
      },
      {
        "model": "network gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "duo",
        "version": "1.2.3"
      },
      {
        "model": "network gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "duo",
        "version": "1.2.2"
      },
      {
        "model": "network gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "duo",
        "version": "1.2.1"
      },
      {
        "model": "network gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "duo",
        "version": "1.1"
      },
      {
        "model": "network gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "duo",
        "version": "1.0"
      },
      {
        "model": "network gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "duo",
        "version": "1.2.10"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#475445"
      },
      {
        "db": "BID",
        "id": "103178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7340"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:duo_network_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.9",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7340"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kelby Ludwig of Duo Security",
    "sources": [
      {
        "db": "BID",
        "id": "103178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-7340",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7340",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-137372",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security@duo.com",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.1,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7340",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-7340",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security@duo.com",
            "id": "CVE-2018-7340",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-103",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137372",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7340"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Duo Network Gateway Contains an authentication vulnerability.Information may be tampered with. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Duo Network Gateway (DNG) is an access control software developed by Duo Corporation in the United States for accessing internal web applications. An authentication bypass vulnerability exists in versions prior to DNG 1.2.10",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7340"
      },
      {
        "db": "CERT/CC",
        "id": "VU#475445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "db": "BID",
        "id": "103178"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137372"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#475445",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7340",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015272",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-103",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "103178",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-137372",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#475445"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137372"
      },
      {
        "db": "BID",
        "id": "103178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ]
  },
  "id": "VAR-201904-1492",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137372"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:50:20.027000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Duo Finds SAML Vulnerabilities Affecting Multiple Implementations",
        "trust": 0.8,
        "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
      },
      {
        "title": "Duo Network Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78891"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-347",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7340"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
      },
      {
        "trust": 1.7,
        "url": "https://www.kb.cert.org/vuls/id/475445"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7340"
      },
      {
        "trust": 1.1,
        "url": "https://duo.com/labs/psa/duo-psa-2017-003"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.8,
        "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt"
      },
      {
        "trust": 0.8,
        "url": "https://community.box.com/t5/box-product-news/recently-reported-saml-vulnerabilities-what-you-need-to-know-as/ba-p/52403"
      },
      {
        "trust": 0.8,
        "url": "https://www.okta.com/blog/2018/02/what-you-need-to-know-about-saml-vulnerability-research/"
      },
      {
        "trust": 0.8,
        "url": "https://www.cloudfoundry.org/blog/vu475445"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/crewjam/saml/pull/140"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7340"
      },
      {
        "trust": 0.8,
        "url": "https://www.kb.cert.org/vuls/id/475445/"
      },
      {
        "trust": 0.3,
        "url": "https://duo.com"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#475445"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137372"
      },
      {
        "db": "BID",
        "id": "103178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#475445"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137372"
      },
      {
        "db": "BID",
        "id": "103178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7340"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-02-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#475445"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137372"
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103178"
      },
      {
        "date": "2019-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "date": "2019-04-17T15:29:00.640000",
        "db": "NVD",
        "id": "CVE-2018-7340"
      },
      {
        "date": "2018-03-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#475445"
      },
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137372"
      },
      {
        "date": "2018-02-27T00:00:00",
        "db": "BID",
        "id": "103178"
      },
      {
        "date": "2019-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015272"
      },
      {
        "date": "2020-10-02T14:44:32.147000",
        "db": "NVD",
        "id": "CVE-2018-7340"
      },
      {
        "date": "2020-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#475445"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-103"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2018-04730

Vulnerability from cnvd - Published: 2018-03-09

Title

Duo Network Gateway身份验证绕过漏洞

Description

Duo Network Gateway（DNG）是美国Duo公司的一款用于访问内部Web应用程序的访问控制软件。 DNG中存在身份验证绕过漏洞。远程攻击者可利用该漏洞绕过身份验证机制，执行未授权的操作。

Severity

中

Patch Name

Duo Network Gateway身份验证绕过漏洞的补丁

Patch Description

Duo Network Gateway（DNG）是美国Duo公司的一款用于访问内部Web应用程序的访问控制软件。 DNG中存在身份验证绕过漏洞。远程攻击者可利用该漏洞绕过身份验证机制，执行未授权的操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://duo.com/labs/psa/duo-psa-2017-003

Reference

http://www.securityfocus.com/bid/103178

Impacted products

Name
Duo Network Gateway <1.2.10

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103178"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7340"
    }
  },
  "description": "Duo Network Gateway\uff08DNG\uff09\u662f\u7f8e\u56fdDuo\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u8bbf\u95ee\u5185\u90e8Web\u5e94\u7528\u7a0b\u5e8f\u7684\u8bbf\u95ee\u63a7\u5236\u8f6f\u4ef6\u3002\r\n\r\nDNG\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Kelby Ludwig of Duo Security",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://duo.com/labs/psa/duo-psa-2017-003",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04730",
  "openTime": "2018-03-09",
  "patchDescription": "Duo Network Gateway\uff08DNG\uff09\u662f\u7f8e\u56fdDuo\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u8bbf\u95ee\u5185\u90e8Web\u5e94\u7528\u7a0b\u5e8f\u7684\u8bbf\u95ee\u63a7\u5236\u8f6f\u4ef6\u3002\r\n\r\nDNG\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Duo Network Gateway\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Duo Network Gateway \u003c1.2.10"
  },
  "referenceLink": "http://www.securityfocus.com/bid/103178",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-06",
  "title": "Duo Network Gateway\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

GSD-2018-7340

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-7340

Aliases

CVE-2018-7340

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7340",
    "description": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",
    "id": "GSD-2018-7340"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7340"
      ],
      "details": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",
      "id": "GSD-2018-7340",
      "modified": "2023-12-13T01:22:33.019326Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@duo.com",
        "ID": "CVE-2018-7340",
        "STATE": "PUBLIC",
        "TITLE": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Duo Network Gateway",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "1.2.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Duo Security"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Kelby Ludwig of Duo Security"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287: Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
            "refsource": "MISC",
            "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
          },
          {
            "name": "https://www.kb.cert.org/vuls/id/475445",
            "refsource": "MISC",
            "url": "https://www.kb.cert.org/vuls/id/475445"
          }
        ]
      },
      "source": {
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:duo_network_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.9",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@duo.com",
          "ID": "CVE-2018-7340"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.kb.cert.org/vuls/id/475445",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/475445"
            },
            {
              "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-10-02T14:44Z",
      "publishedDate": "2019-04-17T15:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-7340 (GCVE-0-2018-7340)

FKIE_CVE-2018-7340

GHSA-39GM-MMXQ-4X9R

VAR-201904-1492

CNVD-2018-04730

GSD-2018-7340

Tags

Sightings

Nomenclature