SB2022092930 - Improper Authentication in Cisco Duo for macOS
Published: September 29, 2022
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Authentication (CVE-ID: CVE-2022-20662)
The vulnerability allows a local attacker to bypass the authentication process.
The vulnerability exists due to an error in the smart card login authentication. An attacker with physical access can configure a smart card login to bypass Duo authentication and use any personal identity verification (PIV) smart card for authentication.
Remediation
Install the update from the vendor's website.