Information Disclosure in Cisco Duo Authentication Proxy Logging Component
CVE-2023-20207

6.5MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Duo Authentication Proxy
Vendor
CVE Published:
12 July 2023

What is CVE-2023-20207?

A vulnerability in the logging component of the Cisco Duo Authentication Proxy may allow authenticated remote attackers to gain unauthorized access to sensitive information. Specifically, due to unencrypted credentials being stored, an attacker with access to the logs can retrieve credentials that should remain private. This exposure of sensitive data in clear text can lead to further attacks and compromise the security of the affected system. Protecting logging mechanisms and ensuring proper credential management are essential steps to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Duo Authentication Proxy 2.10.0

Cisco Duo Authentication Proxy 2.10.1

Cisco Duo Authentication Proxy 2.11.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.