CVE-2020-1677

Summary

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksMIST Cloud UIunspecified < 09/02/2020affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

No workarounds are required since the issue has been resolved in the Mist cloud UI.

ADP Enrichment

CVE Program Container

Additional References

References