CVE-2023-20199
Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability
CVSS Score
6.2
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission.
| CWE | CWE-287 |
| Vendor | cisco |
| Product | cisco duo |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Jun 28, 2023 |
| Last Updated | Aug 2, 2024 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco duo
Be the first to know when new medium vulnerabilities affecting cisco cisco duo are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Physical
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Cisco / Cisco Duo
n/a