CVE-2022-23718 HIGH

CVE-2022-23718: PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution

Vendor: Ping Identity
Product: PingID Windows Login
Weakness: CWE-1352
Published: June 30, 2022
Last update: August 3, 2024

CVSS base score

7.6/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.

Key dates

02 Disclosure timeline

June 30, 2022: CVE published
August 3, 2024: Record updated