Ping Identity PingID SSH before 4.0.14 Out-of-bounds Write Vulnerability

Summary

A possible heap overflow was found that could allow a Remote Code Execution attack against PingID-enrolled servers. The issue has been corrected.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://docs.pingidentity.com/bundle/pingid/page/hmc1587998527490.html


Details

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can potentially be exploited to achieve Remote Code Execution on the authenticating endpoint.

Vulnerable Systems:

Ping Identity PingID SSH before 4.0.14

CVE Information:

CVE-2020-10654

Disclosure Timeline:

Published Date: 5/13/2020
