Cisco Duo for Windows Logon and RDP Let Attacker Bypass Authentication
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical vulnerability, CVE-2024-20301 has been identified in Cisco Duo Authentication for Windows Logon and Remote Desktop Protocol (RDP), posing a security risk to affected systems.
This flaw could allow an authenticated, local attacker to bypass secondary authentication mechanisms and gain unauthorized access to Windows devices.
The vulnerability stems from a failure to invalidate locally created trusted sessions after a device reboot, enabling attackers with primary user credentials to exploit this weakness successfully.
The vulnerability impacts Cisco Duo Authentication for Windows Logon and RDP versions 4.2.0 through 4.2.2. Systems running earlier versions than 4.2.0 or the latest patched version, 4.3.0, are not vulnerable to this exploit.
The risk associated with this vulnerability is exceptionally high due to the potential for attackers to gain access to sensitive information and systems without valid permissions, posing a significant threat to organizational security and data integrity.
Cisco’s Response and Software Updates
In response to the discovery of this vulnerability, Cisco has released software updates to address the issue, with no workarounds available.
The company advises customers to regularly consult the Cisco Security Advisories page for advisories on Cisco products to determine exposure and complete upgrade solutions.
📁🄳🄾🄲🅄🄼🄴🄽🅃
Customers must ensure that their devices have sufficient memory and that the new release will support current hardware and software configurations.
Contacting the Cisco Technical Assistance Center (TAC) or contracted maintenance providers is recommended for any uncertainties.
Fixed Software Releases
Cisco has provided detailed information on the fixed software releases for affected versions:
This information is critical for administrators to ensure that their systems are updated to the latest, secure versions, mitigating the risk posed by this vulnerability.
Recommendations for Administrators
Administrators are urged to update affected systems to the latest software release as soon as possible. Additionally, Cisco Duo recommends rotating the registry key on affected devices as an immediate security measure.
This can be accomplished by navigating to the protected application in the Duo Admin Panel and clicking “Reset Secret Key.”
For more detailed instructions on this process, Cisco provides resources on resetting the secret key for a Duo-Protected Application or Directory Sync.
The discovery of this vulnerability in Cisco Duo Authentication for Windows Logon and RDP underscores the importance of maintaining up-to-date software and adhering to best security practices.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection . All are incredibly harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
#Cyber_Security_News #Uncategorized #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Cisco Duo for Windows Logon and RDP Let Attacker Bypass Authentication
Author: DhivyaA critical vulnerability, CVE-2024-20301 has been identified in Cisco Duo Authentication for Windows Logon and Remote Desktop Protocol (RDP), posing a security risk to affected systems.
This flaw could allow an authenticated, local attacker to bypass secondary authentication mechanisms and gain unauthorized access to Windows devices.
The vulnerability stems from a failure to invalidate locally created trusted sessions after a device reboot, enabling attackers with primary user credentials to exploit this weakness successfully.
The vulnerability impacts Cisco Duo Authentication for Windows Logon and RDP versions 4.2.0 through 4.2.2. Systems running earlier versions than 4.2.0 or the latest patched version, 4.3.0, are not vulnerable to this exploit.
The risk associated with this vulnerability is exceptionally high due to the potential for attackers to gain access to sensitive information and systems without valid permissions, posing a significant threat to organizational security and data integrity.
Cisco’s Response and Software Updates
In response to the discovery of this vulnerability, Cisco has released software updates to address the issue, with no workarounds available.
The company advises customers to regularly consult the Cisco Security Advisories page for advisories on Cisco products to determine exposure and complete upgrade solutions.
📁🄳🄾🄲🅄🄼🄴🄽🅃
Customers must ensure that their devices have sufficient memory and that the new release will support current hardware and software configurations.
Contacting the Cisco Technical Assistance Center (TAC) or contracted maintenance providers is recommended for any uncertainties.
Fixed Software Releases
Cisco has provided detailed information on the fixed software releases for affected versions:
- Versions earlier than 4.2.0: Not vulnerable.
- Versions 4.2.0 through 4.2.2: Customers are advised to migrate to a fixed release.
- Version 4.3.0: Not vulnerable.
This information is critical for administrators to ensure that their systems are updated to the latest, secure versions, mitigating the risk posed by this vulnerability.
Recommendations for Administrators
Administrators are urged to update affected systems to the latest software release as soon as possible. Additionally, Cisco Duo recommends rotating the registry key on affected devices as an immediate security measure.
This can be accomplished by navigating to the protected application in the Duo Admin Panel and clicking “Reset Secret Key.”
For more detailed instructions on this process, Cisco provides resources on resetting the secret key for a Duo-Protected Application or Directory Sync.
The discovery of this vulnerability in Cisco Duo Authentication for Windows Logon and RDP underscores the importance of maintaining up-to-date software and adhering to best security practices.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection . All are incredibly harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
#Cyber_Security_News #Uncategorized #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
