Information Disclosure in Cisco Duo Authentication Proxy Logging Component
CVE-2023-20207
6.5 MEDIUM
What is CVE-2023-20207?
A vulnerability in the logging component of the Cisco Duo Authentication Proxy may allow authenticated remote attackers to gain unauthorized access to sensitive information. Because the logging component stores credentials unencrypted, an attacker with access to the logs can retrieve credentials that should remain private. This clear-text exposure of sensitive data can lead to further attacks and compromise the security of the affected system. Protecting logging mechanisms and ensuring proper credential management are essential steps to mitigate this vulnerability.
Affected Version(s)
Cisco Duo Authentication Proxy 2.10.0
Cisco Duo Authentication Proxy 2.10.1
Cisco Duo Authentication Proxy 2.11.0