Multiple vulnerabilities in Active Directory Federation Services (ADFS)

Published: 2019-07-10 02:16:15 | Updated: 2019-07-10
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2019-0975, CVE-2019-1126
CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
        4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CWE ID: CWE-399, CWE-799
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Windows Server
Vulnerable software versions: Windows Server 2016, Windows Server 2019, Windows Server 1803, Windows Server 1903, Windows Server 2012 R2
Vendor URL: Microsoft

Security Advisory

1) Resource management error

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the way Active Directory Federation Services (ADFS) performs updates to the list of banned IP addresses. A remote attacker can convince the ADFS administrator to update the list of banned IP addresses and thereby bypass security restrictions.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0975

2) Improper control of interaction frequency

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the way Active Directory Federation Services (ADFS) handles external authentication requests. A remote attacker can perform a brute-force attack and cause account lockouts in Active Directory.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1126
