1. Home
  2. CVE Database
  3. CVE-2023-20199
MEDIUM · 6.2

CVE-2023-20199

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerabil...

Vulnerability Description

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoDuo>= 2.0.0, < 2.0.2

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2023-20199?

CVE-2023-20199 is a vulnerability with a CVSS score of 6.2 (MEDIUM). A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerabil...

How severe is CVE-2023-20199?

CVE-2023-20199 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20199?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Duo.