Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cisco duo vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-7340
Duo Network Gateway 1.2.9 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to poten...
Cisco Duo Network Gateway
3.3
CVSSv2
CVE-2020-3483
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to loc...
Cisco Duo Network Gateway
4.6
CVSSv2
CVE-2020-3427
The Windows Logon installer before 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Log...
Cisco Duo Authentication For Windows Logon And Rdp
NA
CVE-2023-20229
A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due ...
Cisco Duo Device Health Application
NA
CVE-2023-20123
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical malicious user to replay valid user session credentials and gain unauthorized access to an affecte...
Cisco Duo
Cisco Duo Authentication For Windows Logon And Rdp
NA
CVE-2023-20207
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote malicious user to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attac...
Duo Authentication Proxy 5.8.1
Duo Authentication Proxy 6.0.0
NA
CVE-2023-20199
A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical malicious user to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the ...
Cisco Duo
NA
CVE-2022-20662
A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating...
Cisco Duo
NA
CVE-2024-20292
A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local malicious user to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted reg...
NA
CVE-2024-20301
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical malicious user to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessi...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started