CVE-2024-20292
PUBLISHED
CVSS 4.4 MEDIUM
A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.
EPSS 0.02% · 4.7th percentile
Risk Scores
CVSS 3.1
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.02%
4.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | duo_authentication_for_windows_logon_and_rdp | 4.0.0, 4.0.0, 4.0.0 |
| Cisco | Cisco Duo | 1.0.1, 1.0.2, 1.0.3 |
Exploit Intelligence
- CIRCL seen: CVE-2024-20292 (circl-sighting)
- cisco-sa-duo-infodisc-rLCEqm6T (circl)
Timeline
- Mar 6, 2024 CVE Published
- Mar 7, 2024 EPSS Score
- Mar 8, 2024 PoC Published
- Apr 2, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- May 25, 2024 EPSS Score
- Jun 21, 2024 EPSS Score
- Jul 17, 2024 EPSS Score
- Aug 13, 2024 EPSS Score
- Sep 8, 2024 EPSS Score
- Oct 4, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score