CVE-2024-20503 — Vulnetix

CVE-2024-20503 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext.

EPSS 0.07% · 22.1th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.07%

22.1th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Duo Authentication for Epic	1.0.0, 1.1.9, 1.1.10
cisco	duo_authentication_for_epic	1.0.0, 1.0.1, 1.1.9

Exploit Intelligence

CIRCL seen: CVE-2024-20503 (circl-sighting)
cisco-sa-duo-epic-info-sdLv6h8y (circl)

Timeline

Sep 4, 2024 CVE Published
Sep 4, 2024 CVE Updated
Sep 4, 2024 PoC Published
Sep 5, 2024 EPSS Score
Sep 25, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 15, 2024 EPSS Score
Nov 4, 2024 EPSS Score
Nov 24, 2024 EPSS Score
Dec 15, 2024 EPSS Score
Jan 4, 2025 EPSS Score
Jan 24, 2025 EPSS Score

References

cisco-sa-duo-epic-info-sdLv6h8y url
https://nvd.nist.gov/vuln/detail/CVE-2024-20503 advisory

Open in Interactive Console →