cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20292,https://securityvulnerability.io/vulnerability/CVE-2024-20292,Cisco Duo Authentication Vulnerability Could Lead to Clear Text Sensitive Information Exposure,"A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.",Cisco,Cisco Duo,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-06T16:32:55.529Z,0
CVE-2024-20301,https://securityvulnerability.io/vulnerability/CVE-2024-20301,Cisco Duo Authentication Vulnerability Allows Bypass of Secondary Authentication,"A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of the affected device. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permissions.",Cisco,Cisco Duo,6.2,MEDIUM,0.0004299999854993075,false,,true,true,true,2024-03-07T09:01:08.000Z,,false,false,,2024-03-06T16:28:22.087Z,0
CVE-2023-20229,https://securityvulnerability.io/vulnerability/CVE-2023-20229,Directory Traversal Vulnerability in Cisco Duo Device Health Application for Windows,"A vulnerability in the CryptoService function of the Cisco Duo Device Health Application for Windows enables low-privilege authenticated local attackers to exploit insufficient input validation. By executing a directory traversal attack, an attacker can overwrite arbitrary files on the affected system using a cryptographic key, potentially leading to denial of service (DoS) or data loss.",Cisco,Cisco Duo Device Health Application,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20207,https://securityvulnerability.io/vulnerability/CVE-2023-20207,Information Disclosure in Cisco Duo Authentication Proxy Logging Component,"A vulnerability in the logging component of the Cisco Duo Authentication Proxy may allow authenticated remote attackers to gain unauthorized access to sensitive information. Specifically, due to unencrypted credentials being stored, an attacker with access to the logs can retrieve credentials that should remain private. This exposure of sensitive data in clear text can lead to further attacks and compromise the security of the affected system. Protecting logging mechanisms and ensuring proper credential management are essential steps to mitigate this vulnerability.",Cisco,Cisco Duo Authentication Proxy,6.5,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-07-12T14:15:00.000Z,0
CVE-2023-20199,https://securityvulnerability.io/vulnerability/CVE-2023-20199,Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability,"A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission.",Cisco,"Cisco Duo ",6.6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-20123,https://securityvulnerability.io/vulnerability/CVE-2023-20123,Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability,"A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device.",Cisco,Cisco Duo,6.3,MEDIUM,0.000590000010561198,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2022-20662,https://securityvulnerability.io/vulnerability/CVE-2022-20662,Cisco Duo for macOS Authentication Bypass Vulnerability,"A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user.",Cisco,Cisco Duo,6.1,MEDIUM,0.0006000000284984708,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-09-28T00:00:00.000Z,0