216.73.216.6

CVE-2024-20503

· Published 04/09/2024 17:15 · Modified 13/09/2024 19:24

Labels: CVE-2024-20503 2024-09-04CVE-2024-20503CWE-200CWE-311[email protected]

Essential information

Published
04/09/2024 17:15
Modified
13/09/2024 19:24
Author
Creator
CVSS
5.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cisco / duo authentication for epic cpe:2.3:a:cisco:duo_authentication_for_epic:1.0.0:*:*:*:*:*:*:*
cisco / duo authentication for epic cpe:2.3:a:cisco:duo_authentication_for_epic:1.0.1:*:*:*:*:*:*:*
cisco / duo authentication for epic cpe:2.3:a:cisco:duo_authentication_for_epic:1.1.9:*:*:*:*:*:*:*
cisco / duo authentication for epic cpe:2.3:a:cisco:duo_authentication_for_epic:1.1.10:*:*:*:*:*:*:*
cisco / duo authentication for epic cpe:2.3:a:cisco:duo_authentication_for_epic:1.1.13:*:*:*:*:*:*:*
cisco / duo authentication for epic cpe:2.3:a:cisco:duo_authentication_for_epic:1.2.0.95:*:*:*:*:*:*:*

References