CVE-2023-20199

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:duo:*:*:*:*:*:macos:*:*

History

21 Nov 2024, 07:40

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.6
v2 : unknown
v3 : 6.2
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-mac-bypass-OyZpVPnx - Vendor Advisory () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-mac-bypass-OyZpVPnx - Vendor Advisory

06 Jul 2023, 18:00

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:duo:*:*:*:*:*:macos:*:*
References (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-mac-bypass-OyZpVPnx - (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-mac-bypass-OyZpVPnx - Vendor Advisory
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.6

28 Jun 2023, 15:25

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-28 15:15

Updated : 2024-11-21 07:40


NVD link : CVE-2023-20199

Mitre link : CVE-2023-20199

CVE.ORG link : CVE-2023-20199


JSON object : View

Products Affected

cisco

  • duo
CWE
CWE-287

Improper Authentication

NVD-CWE-Other