Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

2020-10 Security Bulletin: Mist Cloud User Interface: Multiple vulnerabilities due to SAML authentication.

0

0
Article ID: JSA11072 SECURITY_ADVISORIES Last Updated: 29 Oct 2020Version: 3.0 Product Affected:
This issue affects Mist Cloud UI.
Problem:

Multiple SAML authentication vulnerabilities in Juniper Networks Mist Cloud UI have been resolved in the release with date September 2 2020.

Juniper Networks Mist Cloud UI, when SAML authentication is enabled, may incorrectly handle SAML responses, allowing a remote attacker to bypass SAML authentication security controls.

If SAML authentication is not enabled, the product is not affected.

These vulnerabilities can be exploited alone or in combination. The CVSS score below represents the worst case chaining of these vulnerabilities.

This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.

This issue was found during internal product security testing or research.

Important security issues resolved include:

CVE CVSS Summary
CVE-2020-1675 8.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L) When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data.
CVE-2020-1676 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls.
CVE-2020-1677 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls.

 

Solution:

Mist Cloud UI has been updated on September 2 2020 to resolve this specific issue.

Workaround:
No workarounds are required since the issue has been resolved in the Mist cloud UI.
Implementation:
Software releases or updates are available for download at https://www.juniper.net/support/downloads/.
Modification History:
2020-10-14: Initial Publication.
CVSS Score:
9.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)
Severity Level:
Critical
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

Related Links

 Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search