CVE-2024-20503

CVE Database · CVE-2024-20503

CVE-2024-20503

· MEDIUMAnalyzed

CVSS v3.1

5.5

EPSS

0.11%

Published

Sep 4, 2024

Modified

Sep 13, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-311

Affected Products (6)

cisco · duo_authentication_for_epicvulnerable

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-epic-info-sdLv6h8y

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs