Details of VAR-201904-1492

ID

VAR-201904-1492

CVE

CVE-2018-7340

TITLE

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Trust: 0.8

sources: CERT/CC: VU#475445

DESCRIPTION

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Duo Network Gateway Contains an authentication vulnerability.Information may be tampered with. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Duo Network Gateway (DNG) is an access control software developed by Duo Corporation in the United States for accessing internal web applications. An authentication bypass vulnerability exists in versions prior to DNG 1.2.10

Trust: 2.7

sources: NVD: CVE-2018-7340 // CERT/CC: VU#475445 // JVNDB: JVNDB-2018-015272 // BID: 103178 // VULHUB: VHN-137372

AFFECTED PRODUCTS

vendor:	cisco	model:	duo network gateway	scope:	lte	version:	1.2.9	Trust: 1.8
vendor:	clever	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	duo security	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	omniauth	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	onelogin	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	pulse secure	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	shibboleth consortium	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	wizkunde b v	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	duo	model:	network gateway	scope:	eq	version:	1.2.6	Trust: 0.3
vendor:	duo	model:	network gateway	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	duo	model:	network gateway	scope:	eq	version:	1.2.4	Trust: 0.3
vendor:	duo	model:	network gateway	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	duo	model:	network gateway	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	duo	model:	network gateway	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	duo	model:	network gateway	scope:	eq	version:	1.1	Trust: 0.3
vendor:	duo	model:	network gateway	scope:	eq	version:	1.0	Trust: 0.3
vendor:	duo	model:	network gateway	scope:	ne	version:	1.2.10	Trust: 0.3

sources: CERT/CC: VU#475445 // BID: 103178 // JVNDB: JVNDB-2018-015272 // NVD: CVE-2018-7340

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7340
value:	HIGH
Trust: 1.0
security@duo.com:	CVE-2018-7340
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7340
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201803-103
value:	HIGH
Trust: 0.6
VULHUB:	VHN-137372
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7340
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-137372
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7340
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
security@duo.com:	CVE-2018-7340
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	CVE-2018-7340
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-137372 // JVNDB: JVNDB-2018-015272 // CNNVD: CNNVD-201803-103 // NVD: CVE-2018-7340 // NVD: CVE-2018-7340

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.9
problemtype:	CWE-347	Trust: 1.1

sources: VULHUB: VHN-137372 // JVNDB: JVNDB-2018-015272 // NVD: CVE-2018-7340

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-103

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201803-103

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015272

PATCH

title:	Duo Finds SAML Vulnerabilities Affecting Multiple Implementations	url:	https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations	Trust: 0.8
title:	Duo Network Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78891	Trust: 0.6

sources: JVNDB: JVNDB-2018-015272 // CNNVD: CNNVD-201803-103

EXTERNAL IDS

db:	CERT/CC	id:	VU#475445	Trust: 3.3
db:	NVD	id:	CVE-2018-7340	Trust: 2.8
db:	JVNDB	id:	JVNDB-2018-015272	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-103	Trust: 0.6
db:	BID	id:	103178	Trust: 0.4
db:	VULHUB	id:	VHN-137372	Trust: 0.1

sources: CERT/CC: VU#475445 // VULHUB: VHN-137372 // BID: 103178 // JVNDB: JVNDB-2018-015272 // CNNVD: CNNVD-201803-103 // NVD: CVE-2018-7340

REFERENCES

url:	https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations	Trust: 2.5
url:	https://www.kb.cert.org/vuls/id/475445	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7340	Trust: 1.4
url:	https://duo.com/labs/psa/duo-psa-2017-003	Trust: 1.1
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.8
url:	https://shibboleth.net/community/advisories/secadv_20180227.txt	Trust: 0.8
url:	https://community.box.com/t5/box-product-news/recently-reported-saml-vulnerabilities-what-you-need-to-know-as/ba-p/52403	Trust: 0.8
url:	https://www.okta.com/blog/2018/02/what-you-need-to-know-about-saml-vulnerability-research/	Trust: 0.8
url:	https://www.cloudfoundry.org/blog/vu475445	Trust: 0.8
url:	https://github.com/crewjam/saml/pull/140	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7340	Trust: 0.8
url:	https://www.kb.cert.org/vuls/id/475445/	Trust: 0.8
url:	https://duo.com	Trust: 0.3

sources: CERT/CC: VU#475445 // VULHUB: VHN-137372 // BID: 103178 // JVNDB: JVNDB-2018-015272 // CNNVD: CNNVD-201803-103 // NVD: CVE-2018-7340

CREDITS

Kelby Ludwig of Duo Security

Trust: 0.9

sources: BID: 103178 // CNNVD: CNNVD-201803-103

SOURCES

db:	CERT/CC	id:	VU#475445
db:	VULHUB	id:	VHN-137372
db:	BID	id:	103178
db:	JVNDB	id:	JVNDB-2018-015272
db:	CNNVD	id:	CNNVD-201803-103
db:	NVD	id:	CVE-2018-7340

LAST UPDATE DATE

2024-11-23T22:21:42.558000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#475445	date:	2018-06-05T00:00:00
db:	VULHUB	id:	VHN-137372	date:	2020-10-02T00:00:00
db:	BID	id:	103178	date:	2018-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-015272	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201803-103	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2018-7340	date:	2024-11-21T04:12:03.410

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#475445	date:	2018-02-27T00:00:00
db:	VULHUB	id:	VHN-137372	date:	2019-04-17T00:00:00
db:	BID	id:	103178	date:	2018-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-015272	date:	2019-05-17T00:00:00
db:	CNNVD	id:	CNNVD-201803-103	date:	2018-03-05T00:00:00
db:	NVD	id:	CVE-2018-7340	date:	2019-04-17T15:29:00.640