Cisco has released an important security advisory regarding a vulnerability in its Duo Authentication system for Windows Logon and Remote Desktop Protocol (RDP). This medium-severity issue, identified by Advisory ID cisco-sa-duo-infodisc-rLCEqm6T, was first made public on March 6, 2024, and represents a significant risk for users of affected software versions.
The vulnerability stems from an inadequate storage method for an unencrypted registry key within logs. "An authenticated, local attacker could view sensitive information in clear text on an affected system," noted Cisco's initial report. This means that local users with access could potentially exploit the logs to extract confidential data.
"An authenticated, local attacker could view sensitive information in clear text on an affected system,"
Following the identification of this issue, Cisco emphasized the necessity for its users to promptly upgrade to the fixed software versions. Unfortunately, there are no available workarounds that could mitigate this vulnerability in the interim, underscoring the urgency for organizations to take action.
According to Cisco, the flaw is categorized under CVE-2024-20292 and CWE-200. It has been assigned a CVSS score of 4.4, reflecting its medium risk level. The company confirmed, "Customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release."
Affected products include various releases of Cisco Duo Authentication for Windows Logon and RDP. In particular, versions 4.0.0 through 4.2.2 are marked as vulnerable and require migration to a fixed release to resolve the issue. Strikingly, versions 3.1.2 and 4.3.0 were found to be unaffected by this vulnerability.
For clients uncertain about their software release, Cisco recommends referring to the advisory for complete information on which releases are affected. "When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution," advised Cisco's technical team.
"When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution,"
Cisco has suggested that users look into rotating their existing registry keys on affected devices post-upgrade. Details on how to perform this rotation can be found in their guide titled "How to reset my Duo Authentication for Windows Logon and RDP secret key without getting locked out?"
In conclusion, as organizations continue to navigate the complexities of cybersecurity, situations like the current Duo Authentication issue highlight the ongoing need for vigilance. By regularly updating their software and staying informed about potential vulnerabilities, users can help ensure their systems remain resilient against the growing landscape of cyber threats.