Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2020-5425

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
31/10/2020
Last modified:
17/11/2020

Description

Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication.

Impact

Vector 3.x
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.90 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): High
Availability (A): High

Base Score 3.x
7.90
Severity 3.x
HIGH
Vector 2.0
AV:N/AC:H/Au:S/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.60 MEDIUM
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): High
Authentication (Au): Single
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0
4.60
Severity 2.0
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:vmware:single_sign-on_for_tanzu:*:*:*:*:*:*:*:* 1.11.3 (excluding)
cpe:2.3:a:vmware:single_sign-on_for_tanzu:*:*:*:*:*:*:*:* 1.12.0 (including) 1.12.4 (excluding)
cpe:2.3:a:vmware:single_sign-on_for_tanzu:*:*:*:*:*:*:*:* 1.13.0 (including) 1.13.1 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools