CVE-2024-20292 - Vulnerability Details - OpenCVE

A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Duo Authentication For Windows Logon And Rdp

Configuration 1 [-]

cpe:2.3:a:cisco:duo_authentication_for_windows_logon_and_rdp:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T

History

Mon, 24 Mar 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco duo Authentication For Windows Logon And Rdp
Weaknesses		CWE-312
CPEs		cpe:2.3:a:cisco:duo_authentication_for_windows_logon_and_rdp::::::::
Vendors & Products		Cisco Cisco duo Authentication For Windows Logon And Rdp

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-03-06T16:32:55.529Z

Updated: 2024-08-01T21:59:41.112Z

Reserved: 2023-11-08T15:08:07.629Z

Link: CVE-2024-20292

Vulnrichment

Updated: 2024-05-23T19:01:16.424Z

NVD

Status : Analyzed

Published: 2024-03-06T17:15:08.797

Modified: 2025-03-24T13:56:44.540

Link: CVE-2024-20292

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20292", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.629Z", "datePublished": "2024-03-06T16:32:55.529Z", "dateUpdated": "2024-08-01T21:59:41.112Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-03-06T16:32:55.529Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. \r\n\r This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text."}], "affected": [{"vendor": "Cisco", "product": "Cisco Duo", "versions": [{"version": "1.0.1", "status": "affected"}, {"version": "1.0.2", "status": "affected"}, {"version": "1.0.3", "status": "affected"}, {"version": "1.0.4", "status": "affected"}, {"version": "1.1.0", "status": "affected"}, {"version": "1.1.1", "status": "affected"}, {"version": "2.0.0", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "type": "cwe", "cweId": "CWE-200"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T", "name": "cisco-sa-duo-infodisc-rLCEqm6T"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-duo-infodisc-rLCEqm6T", "discovery": "EXTERNAL", "defects": ["CSCwi33323"]}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20292", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-07T18:45:13.353601Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:40:00.544Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:41.112Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T", "name": "cisco-sa-duo-infodisc-rLCEqm6T", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20292", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.629Z", "datePublished": "2024-03-06T16:32:55.529Z", "dateUpdated": "2024-06-04T17:40:00.544Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-03-06T16:32:55.529Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. \r\n\r This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text."}], "affected": [{"vendor": "Cisco", "product": "Cisco Duo", "versions": [{"version": "1.0.1", "status": "affected"}, {"version": "1.0.2", "status": "affected"}, {"version": "1.0.3", "status": "affected"}, {"version": "1.0.4", "status": "affected"}, {"version": "1.1.0", "status": "affected"}, {"version": "1.1.1", "status": "affected"}, {"version": "2.0.0", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "type": "cwe", "cweId": "CWE-200"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T", "name": "cisco-sa-duo-infodisc-rLCEqm6T"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-duo-infodisc-rLCEqm6T", "discovery": "EXTERNAL", "defects": ["CSCwi33323"]}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20292", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-07T18:45:13.353601Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:16.424Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:duo_authentication_for_windows_logon_and_rdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7A75C57-DC68-4A43-8ACA-90FAC4CBC271", "versionEndExcluding": "4.3.0", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. \r\n\r This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text."}, {"lang": "es", "value": "Una vulnerabilidad en el componente de registro de Cisco Duo Authentication para Windows Logon y RDP podr\u00eda permitir que un atacante local autenticado vea informaci\u00f3n confidencial en texto sin cifrar en un sistema afectado. Esta vulnerabilidad se debe al almacenamiento inadecuado de una clave de registro no cifrada en ciertos registros. Un atacante podr\u00eda aprovechar esta vulnerabilidad accediendo a los registros de un sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante ver informaci\u00f3n confidencial en texto sin cifrar."}], "id": "CVE-2024-20292", "lastModified": "2025-03-24T13:56:44.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "psirt@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-06T17:15:08.797", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}