CVE-2024-20301
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device.
This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of the affected device. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permissions.
Una vulnerabilidad en la autenticación de Cisco Duo para el inicio de sesión de Windows y RDP podría permitir que un atacante físico autenticado omita la autenticación secundaria y acceda a un dispositivo Windows afectado. Esta vulnerabilidad se debe a una falla al invalidar las sesiones confiables creadas localmente después de reiniciar el dispositivo afectado. Un atacante con credenciales de usuario principal podría aprovechar esta vulnerabilidad al intentar autenticarse en un dispositivo afectado. Un exploit exitoso podría permitir al atacante acceder al dispositivo afectado sin permisos válidos.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-11-08 CVE Reserved
- 2024-03-06 CVE Published
- 2024-03-07 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-win-bypass-pn42KKBm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Cisco Duo Search vendor "Cisco" for product "Cisco Duo" | 1.0.1 Search vendor "Cisco" for product "Cisco Duo" and version "1.0.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Duo Search vendor "Cisco" for product "Cisco Duo" | 1.0.2 Search vendor "Cisco" for product "Cisco Duo" and version "1.0.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Duo Search vendor "Cisco" for product "Cisco Duo" | 1.0.3 Search vendor "Cisco" for product "Cisco Duo" and version "1.0.3" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Duo Search vendor "Cisco" for product "Cisco Duo" | 1.0.4 Search vendor "Cisco" for product "Cisco Duo" and version "1.0.4" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Duo Search vendor "Cisco" for product "Cisco Duo" | 1.1.0 Search vendor "Cisco" for product "Cisco Duo" and version "1.1.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Duo Search vendor "Cisco" for product "Cisco Duo" | 1.1.1 Search vendor "Cisco" for product "Cisco Duo" and version "1.1.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Duo Search vendor "Cisco" for product "Cisco Duo" | 2.0.0 Search vendor "Cisco" for product "Cisco Duo" and version "2.0.0" | en |
Affected
| ||||||