CVE-2024-20503

Published: Sep 4, 2024Modified: Sep 13, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext.

Affected (6)

Products: Cisco: Duo Authentication For Epic

Cisco

1 product

Duo Authentication For Epic

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Cisco Duo Authentication For Epic	Version 1.0.0
Cisco Duo Authentication For Epic	Version 1.0.1
Cisco Duo Authentication For Epic	Version 1.1.10
Cisco Duo Authentication For Epic	Version 1.1.13
Cisco Duo Authentication For Epic	Version 1.1.9
Cisco Duo Authentication For Epic	Version 1.2.0.95

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-311

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-epic-info-sdLv6h8y

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.