CVE-2022-40723 MEDIUM

CVE-2022-40723: Configuration-based MFA Bypass in PingID RADIUS PCV.

Vendor Ping Identity
Product PingID Radius PCV
Weakness CWE-305
Published April 25, 2023
Last update February 4, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:H/RL:U/RC:C

What the vulnerability does

01Description

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.

Key dates

02Disclosure timeline

April 25, 2023 CVE published
February 4, 2025 Record updated