Main Vulnerability Database Vulnerabilities #VU77615

Improper Authentication in Duo Two-Factor Authentication for macOS - CVE-2023-20199

Published: June 22, 2023

Vulnerability identifier: #VU77615

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-20199

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Duo Two-Factor Authentication for macOS

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An administrator with physical access can bypass authentication process and gain unauthorized access to the target device.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-mac-bypass-OyZpVPnx

Improper Authentication in Duo Two-Factor Authentication for macOS - CVE-2023-20199

Description

Remediation

External links

Please verify you're human