Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability
CVE-2023-20199

6.6MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Duo
Vendor: CVE Published:; 28 June 2023

Summary

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission.

Affected Version(s)

Cisco Duo

References

https://sec.cloudapps.cisco.com/security/center/content/C...

vendor-advisory

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2023
Vulnerability Reserved
Oct 27, 2022