Published: 30/09/2022 Updated: 07/11/2023

CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9

VMScore: 0

A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the malicious user to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco duo

A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user An attacker could exploit this vulnerability by configuring a s ...

CWE-287 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-macOS-bypass-uKZNpXE6 https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-macOS-bypass-uKZNpXE6

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-20662

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect