Detections
Analytics

Cisco Duo Authentication for macOS Logon Offline Credentials Replay (cisco-sa-duo-replay-knuNKd)

medium Nessus Plugin ID 173971

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Duo Authentication for macOS is affected by a vulnerability. A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwe66449, CSCwe66538

See Also

http://www.nessus.org/u?7a6a74a2

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe66449

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe66538

Plugin Details

Severity: Medium

ID: 173971

File Name: cisco-sa-duo-replay-knuNKd.nasl

Version: 1.2

Type: local

Agent: macosx

Published: 4/6/2023

Updated: 4/13/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2023-20123

CVSS v3

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 4

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:duo

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Cisco Duo

Exploit Ease: No known exploits are available

Patch Publication Date: 4/5/2023

Vulnerability Publication Date: 4/5/2023

Reference Information

CVE: CVE-2023-20123