PT-2019-2764 · Microsoft · Active Directory Federation Services+1

Mike Crowley

Published

2019-07-09

Updated

2020-08-24

CVE-2019-0975

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Active Directory Federation Services (ADFS) (affected versions not specified)

Description A security feature bypass issue exists due to improper updates of banned IP addresses in Active Directory Federation Services (ADFS). To exploit this, an attacker must convince an ADFS administrator to update the banned IP address list. This issue allows attackers to bypass security features, potentially enabling them to affect the system. The vulnerability is related to errors in security settings and can be exploited by a remote attacker to bypass authentication procedures.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

BDU:2019-02701

CVE-2019-0975

Affected Products

Active Directory Federation Services

Windows

PT-2019-2764 · Microsoft · Active Directory Federation Services+1

CVE-2019-0975

Weakness Enumeration

Related Identifiers

Affected Products

References · 7