VDB
CVE-2023-20207
CVE-2023-20207
PUBLISHED
CVSS 4.900000095367432 MEDIUM
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text.
EPSS 0.07% · 22.5th percentile
Risk Scores
CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.07%
22.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| duo | authentication_proxy | 6.0.0, 5.8.1 |
| Cisco | Cisco Duo Authentication Proxy | 2.10.0, 2.12.0, 2.12.1 |
Exploit Intelligence
- cisco-sa-duo-auth-info-JgkSWBLz (circl)
Timeline
- Jul 12, 2023 CVE Published
- Jul 13, 2023 EPSS Score
- Aug 17, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
- Oct 25, 2023 EPSS Score
- Nov 28, 2023 EPSS Score
- Jan 2, 2024 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 11, 2024 EPSS Score
- Apr 14, 2024 EPSS Score
- May 19, 2024 EPSS Score
- Jun 23, 2024 EPSS Score