Vulnerabilities > CVE-2020-10654 - Out-of-bounds Write vulnerability in Pingidentity Pingid SSH Integration

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pingidentity

CWE-787

critical

NVD

Published: 2020-05-13

Updated: 2020-05-15

Summary

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.

Vulnerable Configurations

Part	Description	Count
Application	Pingidentity Pingidentity Pingid SSH Integration *	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.pingidentity.com/en/cloud/pingid.html
https://docs.pingidentity.com/bundle/pingid/page/hmc1587998527490.html
https://docs.pingidentity.com/bundle/pingid/page/okt1564020467088.html
https://www.pingidentity.com/