VDB

CISCO-SA-DUO-DHA-FILEWRITE-XPMBMZAK

CISCO-SA-DUO-DHA-FILEWRITE-XPMBMZAK PUBLISHED CVSS 7.099999904632568 HIGH

A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a directory traversal attack on an affected host. A successful exploit could allow an attacker to use a cryptographic key to overwrite arbitrary files with SYSTEM-level privileges, resulting in a denial of service (DoS) condition or data loss on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products

VendorProductVersions
Cisco Duo Device Health Application

Timeline

  • Aug 16, 2023 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›