CVE-2023-20207 - OpenCVE

A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Duo	Authentication Proxy

Configuration 1 [-]

OR	cpe:2.3:a:duo:authentication_proxy:5.8.1:::::::*
	cpe:2.3:a:duo:authentication_proxy:6.0.0:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-07-12T13:51:48.952Z

Updated: 2024-08-02T09:05:36.181Z

Reserved: 2022-10-27T18:47:50.367Z

Link: CVE-2023-20207

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-07-12T14:15:09.793

Modified: 2024-01-25T17:15:35.933

Link: CVE-2023-20207

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20207", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.367Z", "datePublished": "2023-07-12T13:51:48.952Z", "dateUpdated": "2024-08-02T09:05:36.181Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:59.633Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text."}], "affected": [{"vendor": "Cisco", "product": "Cisco Duo Authentication Proxy", "versions": [{"version": "2.10.0", "status": "affected"}, {"version": "2.10.1", "status": "affected"}, {"version": "2.11.0", "status": "affected"}, {"version": "2.12.0", "status": "affected"}, {"version": "2.12.1", "status": "affected"}, {"version": "2.13.0", "status": "affected"}, {"version": "2.14.0", "status": "affected"}, {"version": "2.4.10", "status": "affected"}, {"version": "2.4.11", "status": "affected"}, {"version": "2.4.12", "status": "affected"}, {"version": "2.4.13", "status": "affected"}, {"version": "2.4.14", "status": "affected"}, {"version": "2.4.14.1", "status": "affected"}, {"version": "2.4.15", "status": "affected"}, {"version": "2.4.16", "status": "affected"}, {"version": "2.4.17", "status": "affected"}, {"version": "2.4.18", "status": "affected"}, {"version": "2.4.19", "status": "affected"}, {"version": "2.4.2", "status": "affected"}, {"version": "2.4.20", "status": "affected"}, {"version": "2.4.21", "status": "affected"}, {"version": "2.4.3", "status": "affected"}, {"version": "2.4.4", "status": "affected"}, {"version": "2.4.5", "status": "affected"}, {"version": "2.4.6", "status": "affected"}, {"version": "2.4.7", "status": "affected"}, {"version": "2.4.8", "status": "affected"}, {"version": "2.4.9", "status": "affected"}, {"version": "2.5.4", "status": "affected"}, {"version": "2.6.0", "status": "affected"}, {"version": "2.7.0", "status": "affected"}, {"version": "2.8.1", "status": "affected"}, {"version": "2.9.0", "status": "affected"}, {"version": "3.0.0", "status": "affected"}, {"version": "3.1.0", "status": "affected"}, {"version": "3.1.1", "status": "affected"}, {"version": "3.2.0", "status": "affected"}, {"version": "3.2.1", "status": "affected"}, {"version": "3.2.2", "status": "affected"}, {"version": "3.2.3", "status": "affected"}, {"version": "3.2.4", "status": "affected"}, {"version": "4.0.0", "status": "affected"}, {"version": "4.0.1", "status": "affected"}, {"version": "4.0.2", "status": "affected"}, {"version": "5.0.0", "status": "affected"}, {"version": "5.0.1", "status": "affected"}, {"version": "5.0.2", "status": "affected"}, {"version": "5.1.0", "status": "affected"}, {"version": "5.1.1", "status": "affected"}, {"version": "5.2.0", "status": "affected"}, {"version": "5.2.1", "status": "affected"}, {"version": "5.2.2", "status": "affected"}, {"version": "5.3.0", "status": "affected"}, {"version": "5.3.1", "status": "affected"}, {"version": "5.4.0", "status": "affected"}, {"version": "5.4.1", "status": "affected"}, {"version": "5.5.0", "status": "affected"}, {"version": "5.5.1", "status": "affected"}, {"version": "5.6.0", "status": "affected"}, {"version": "5.6.1", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Insertion of Sensitive Information into Log File", "type": "cwe", "cweId": "CWE-532"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz", "name": "cisco-sa-duo-auth-info-JgkSWBLz"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-duo-auth-info-JgkSWBLz", "discovery": "INTERNAL", "defects": ["CSCwf65004"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.181Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz", "name": "cisco-sa-duo-auth-info-JgkSWBLz", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:duo:authentication_proxy:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EAB8457-7C1E-4184-9966-772DC470B330", "vulnerable": true}, {"criteria": "cpe:2.3:a:duo:authentication_proxy:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "250AF3A1-57E7-41BD-A126-43DAAB6E1E00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text."}], "id": "CVE-2023-20207", "lastModified": "2024-01-25T17:15:35.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-07-12T14:15:09.793", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}