Multiple SAML authentication vulnerabilities in Juniper Networks Mist Cloud UI have been resolved in the release dated September 2, 2020.
Juniper Networks Mist Cloud UI, when SAML authentication is enabled, may incorrectly handle SAML responses, allowing a remote attacker to bypass SAML authentication security controls.
If SAML authentication is not enabled, the product is not affected.
These vulnerabilities can be exploited alone or in combination. The CVSS score below represents the worst case chaining of these vulnerabilities.
This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.
This issue was found during internal product security testing or research.
Important security issues resolved include:
| CVE | CVSS | Summary |
|---|---|---|
| CVE-2020-1675 | 8.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L) | When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates, which could allow a malicious network-based user to access unauthorized data. |
| CVE-2020-1676 | 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) | When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. |
| CVE-2020-1677 | 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) | When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. |
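As an added example (not Juniper's or Mist's code), the following Python check illustrates the structural validations a SAML service provider applies before trusting an assertion, covering the two failure modes named above: a signing certificate that is not the identity provider's pinned certificate, and a response whose assertion content or child elements have been altered without touching the signed element. The pinned certificate value, element IDs, NameIDs and the sample responses are constructed placeholders; cryptographic verification of the SignatureValue itself is assumed to be done by an XML-DSig library and is not shown.

```python
"""Structural SAML Response checks for a service provider (added example).

The checks below are the ones that defeat the advisory's two failure modes:
the signing certificate must be the one pinned for the IdP, and the assertion
that is consumed must be exactly the element the signature covers.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder: the IdP signing certificate (base64 DER) that the
# service provider obtained out of band during IdP onboarding.
PINNED_IDP_CERT_B64 = "MIIC...CONSTRUCTED-PINNED-IDP-CERT..."


class SamlRejected(Exception):
    """Raised when a response fails a structural check."""


def _norm(b64: str) -> str:
    # Ignore line wrapping inside the X509Certificate element.
    return "".join(b64.split())


def check_response(xml_text: str, pinned_cert_b64: str = PINNED_IDP_CERT_B64) -> str:
    """Return the NameID of the single, properly signed assertion, or raise."""
    root = ET.fromstring(xml_text)

    # 1. Exactly one Assertion anywhere in the document; a second assertion,
    #    at any depth, means the signed one and the consumed one may differ.
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlRejected(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]

    # 2. The Assertion must be a direct child of the Response, not re-parented
    #    under some other child element.
    if assertion not in list(root):
        raise SamlRejected("Assertion is not a direct child of Response")

    # 3. The signature must sit directly under the Assertion being consumed.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        raise SamlRejected("Assertion is not signed")

    # 4. The single Reference must point at this Assertion's own ID, so the
    #    element the signature covers is the element whose data is used.
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or refs[0].get("URI") != "#" + assertion.get("ID", ""):
        raise SamlRejected("Signature Reference does not cover this Assertion")

    # 5. The certificate carried in KeyInfo is untrusted input: it must equal
    #    the pinned IdP certificate, never merely be a well-formed certificate.
    cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or _norm(cert.text or "") != _norm(pinned_cert_b64):
        raise SamlRejected("signing certificate is not the pinned IdP certificate")

    # (Cryptographic verification of ds:SignatureValue over the referenced
    #  element with the pinned key is assumed to happen here via an XML-DSig
    #  library; it is out of scope for this structural example.)

    # 6. Read identity only from the assertion that passed every check above.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise SamlRejected("no NameID in validated assertion")
    return name_id.text.strip()


def evaluate(xml_text: str):
    """Convenience wrapper returning ("accepted", name_id) or ("rejected", reason)."""
    try:
        return ("accepted", check_response(xml_text))
    except SamlRejected as exc:
        return ("rejected", str(exc))


# --- Constructed sample responses (not real Mist or IdP traffic) ------------

def _assertion(aid: str, name_id: str, ref_uri: str, cert: str, signed: bool = True) -> str:
    sig = (
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="{ref_uri}"/></ds:SignedInfo>'
        '<ds:SignatureValue>c29tZS1zaWduYXR1cmU=</ds:SignatureValue>'
        f'<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></ds:Signature>'
    ) if signed else ""
    return (f'<saml:Assertion ID="{aid}">{sig}<saml:Subject>'
            f'<saml:NameID>{name_id}</saml:NameID></saml:Subject></saml:Assertion>')


def _response(body: str) -> str:
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">'
            + body + "</samlp:Response>")


GOOD_RESPONSE = _response(_assertion("_a1", "alice@example.com", "#_a1", PINNED_IDP_CERT_B64))
UNSIGNED = _response(_assertion("_a1", "alice@example.com", "#_a1", PINNED_IDP_CERT_B64, signed=False))
WRONG_REFERENCE = _response(_assertion("_a1", "alice@example.com", "#_other", PINNED_IDP_CERT_B64))
WRONG_CERT = _response(_assertion("_a1", "alice@example.com", "#_a1", "MIIC...CONSTRUCTED-OTHER-CERT..."))
TWO_ASSERTIONS = _response(
    _assertion("_a1", "alice@example.com", "#_a1", PINNED_IDP_CERT_B64)
    + _assertion("_a2", "bob@example.com", "#_a1", PINNED_IDP_CERT_B64, signed=False)
)

if __name__ == "__main__":
    for label, sample in [("good", GOOD_RESPONSE), ("unsigned", UNSIGNED),
                          ("wrong-reference", WRONG_REFERENCE),
                          ("wrong-cert", WRONG_CERT), ("two-assertions", TWO_ASSERTIONS)]:
        print(label, evaluate(sample))
```

The order of the checks matters less than their completeness: an implementation that verifies the signature cryptographically but reads the NameID from whichever Assertion the parser finds first, or that accepts any syntactically valid X509Certificate from KeyInfo, still exhibits the behaviour the advisory describes.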
Mist Cloud UI has been updated on September 2 2020 to resolve this specific issue.
No workarounds are required since the issue has been resolved in the Mist cloud UI.
Software releases or updates are available for download at https://www.juniper.net/support/downloads/.
2020-10-14: Initial Publication.
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."