CVE-2023-20207

Summary

A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Duo Authentication Proxy2.10.0affected
CiscoCisco Duo Authentication Proxy2.10.1affected
CiscoCisco Duo Authentication Proxy2.11.0affected
CiscoCisco Duo Authentication Proxy2.12.0affected
CiscoCisco Duo Authentication Proxy2.12.1affected
CiscoCisco Duo Authentication Proxy2.13.0affected
CiscoCisco Duo Authentication Proxy2.14.0affected
CiscoCisco Duo Authentication Proxy2.4.10affected
CiscoCisco Duo Authentication Proxy2.4.11affected
CiscoCisco Duo Authentication Proxy2.4.12affected
CiscoCisco Duo Authentication Proxy2.4.13affected
CiscoCisco Duo Authentication Proxy2.4.14affected
CiscoCisco Duo Authentication Proxy2.4.14.1affected
CiscoCisco Duo Authentication Proxy2.4.15affected
CiscoCisco Duo Authentication Proxy2.4.16affected
CiscoCisco Duo Authentication Proxy2.4.17affected
CiscoCisco Duo Authentication Proxy2.4.18affected
CiscoCisco Duo Authentication Proxy2.4.19affected
CiscoCisco Duo Authentication Proxy2.4.2affected
CiscoCisco Duo Authentication Proxy2.4.20affected
CiscoCisco Duo Authentication Proxy2.4.21affected
CiscoCisco Duo Authentication Proxy2.4.3affected
CiscoCisco Duo Authentication Proxy2.4.4affected
CiscoCisco Duo Authentication Proxy2.4.5affected
CiscoCisco Duo Authentication Proxy2.4.6affected
CiscoCisco Duo Authentication Proxy2.4.7affected
CiscoCisco Duo Authentication Proxy2.4.8affected
CiscoCisco Duo Authentication Proxy2.4.9affected
CiscoCisco Duo Authentication Proxy2.5.4affected
CiscoCisco Duo Authentication Proxy2.6.0affected
CiscoCisco Duo Authentication Proxy2.7.0affected
CiscoCisco Duo Authentication Proxy2.8.1affected
CiscoCisco Duo Authentication Proxy2.9.0affected
CiscoCisco Duo Authentication Proxy3.0.0affected
CiscoCisco Duo Authentication Proxy3.1.0affected
CiscoCisco Duo Authentication Proxy3.1.1affected
CiscoCisco Duo Authentication Proxy3.2.0affected
CiscoCisco Duo Authentication Proxy3.2.1affected
CiscoCisco Duo Authentication Proxy3.2.2affected
CiscoCisco Duo Authentication Proxy3.2.3affected
CiscoCisco Duo Authentication Proxy3.2.4affected
CiscoCisco Duo Authentication Proxy4.0.0affected
CiscoCisco Duo Authentication Proxy4.0.1affected
CiscoCisco Duo Authentication Proxy4.0.2affected
CiscoCisco Duo Authentication Proxy5.0.0affected
CiscoCisco Duo Authentication Proxy5.0.1affected
CiscoCisco Duo Authentication Proxy5.0.2affected
CiscoCisco Duo Authentication Proxy5.1.0affected
CiscoCisco Duo Authentication Proxy5.1.1affected
CiscoCisco Duo Authentication Proxy5.2.0affected
CiscoCisco Duo Authentication Proxy5.2.1affected
CiscoCisco Duo Authentication Proxy5.2.2affected
CiscoCisco Duo Authentication Proxy5.3.0affected
CiscoCisco Duo Authentication Proxy5.3.1affected
CiscoCisco Duo Authentication Proxy5.4.0affected
CiscoCisco Duo Authentication Proxy5.4.1affected
CiscoCisco Duo Authentication Proxy5.5.0affected
CiscoCisco Duo Authentication Proxy5.5.1affected
CiscoCisco Duo Authentication Proxy5.6.0affected
CiscoCisco Duo Authentication Proxy5.6.1affected

Weaknesses

  • CWE-532: Insertion of Sensitive Information into Log File

ADP Enrichment

CVE Program Container

Additional References

References