CVE-2023-20207 - OpenCVE

A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Duo	Authentication Proxy

Configuration 1 [-]

OR	cpe:2.3:a:duo:authentication_proxy:5.8.1:::::::*
	cpe:2.3:a:duo:authentication_proxy:6.0.0:::::::*

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2023-07-12T13:51:48.952Z

Updated: 2024-01-25T16:57:59.633Z

Reserved: 2022-10-27T18:47:50.367Z

Link: CVE-2023-20207

JSON object: View

NVD Information

Status : Modified

Published: 2023-07-12T14:15:09.793

Modified: 2024-01-25T17:15:35.933

Link: CVE-2023-20207

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-20207", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.367Z", "datePublished": "2023-07-12T13:51:48.952Z", "dateUpdated": "2024-01-25T16:57:59.633Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:59.633Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text."}], "affected": [{"vendor": "Cisco", "product": "Cisco Duo Authentication Proxy", "versions": [{"version": "2.10.0", "status": "affected"}, {"version": "2.10.1", "status": "affected"}, {"version": "2.11.0", "status": "affected"}, {"version": "2.12.0", "status": "affected"}, {"version": "2.12.1", "status": "affected"}, {"version": "2.13.0", "status": "affected"}, {"version": "2.14.0", "status": "affected"}, {"version": "2.4.10", "status": "affected"}, {"version": "2.4.11", "status": "affected"}, {"version": "2.4.12", "status": "affected"}, {"version": "2.4.13", "status": "affected"}, {"version": "2.4.14", "status": "affected"}, {"version": "2.4.14.1", "status": "affected"}, {"version": "2.4.15", "status": "affected"}, {"version": "2.4.16", "status": "affected"}, {"version": "2.4.17", "status": "affected"}, {"version": "2.4.18", "status": "affected"}, {"version": "2.4.19", "status": "affected"}, {"version": "2.4.2", "status": "affected"}, {"version": "2.4.20", "status": "affected"}, {"version": "2.4.21", "status": "affected"}, {"version": "2.4.3", "status": "affected"}, {"version": "2.4.4", "status": "affected"}, {"version": "2.4.5", "status": "affected"}, {"version": "2.4.6", "status": "affected"}, {"version": "2.4.7", "status": "affected"}, {"version": "2.4.8", "status": "affected"}, {"version": "2.4.9", "status": "affected"}, {"version": "2.5.4", "status": "affected"}, {"version": "2.6.0", "status": "affected"}, {"version": "2.7.0", "status": "affected"}, {"version": "2.8.1", "status": "affected"}, {"version": "2.9.0", "status": "affected"}, {"version": "3.0.0", "status": "affected"}, {"version": "3.1.0", "status": "affected"}, {"version": "3.1.1", "status": "affected"}, {"version": "3.2.0", "status": "affected"}, {"version": "3.2.1", "status": "affected"}, {"version": "3.2.2", "status": "affected"}, {"version": "3.2.3", "status": "affected"}, {"version": "3.2.4", "status": "affected"}, {"version": "4.0.0", "status": "affected"}, {"version": "4.0.1", "status": "affected"}, {"version": "4.0.2", "status": "affected"}, {"version": "5.0.0", "status": "affected"}, {"version": "5.0.1", "status": "affected"}, {"version": "5.0.2", "status": "affected"}, {"version": "5.1.0", "status": "affected"}, {"version": "5.1.1", "status": "affected"}, {"version": "5.2.0", "status": "affected"}, {"version": "5.2.1", "status": "affected"}, {"version": "5.2.2", "status": "affected"}, {"version": "5.3.0", "status": "affected"}, {"version": "5.3.1", "status": "affected"}, {"version": "5.4.0", "status": "affected"}, {"version": "5.4.1", "status": "affected"}, {"version": "5.5.0", "status": "affected"}, {"version": "5.5.1", "status": "affected"}, {"version": "5.6.0", "status": "affected"}, {"version": "5.6.1", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Insertion of Sensitive Information into Log File", "type": "cwe", "cweId": "CWE-532"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz", "name": "cisco-sa-duo-auth-info-JgkSWBLz"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-duo-auth-info-JgkSWBLz", "discovery": "INTERNAL", "defects": ["CSCwf65004"]}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:duo:authentication_proxy:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EAB8457-7C1E-4184-9966-772DC470B330", "vulnerable": true}, {"criteria": "cpe:2.3:a:duo:authentication_proxy:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "250AF3A1-57E7-41BD-A126-43DAAB6E1E00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text."}], "id": "CVE-2023-20207", "lastModified": "2024-01-25T17:15:35.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-07-12T14:15:09.793", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}