CVE-2022-20662

Name of the Vulnerable Software and Affected Versions Cisco Duo for Mac OS (affected versions not specified)

Description The issue is related to weaknesses in the authentication procedure of the Smart Card Login component. It could allow a remote attacker to cause a denial of service. An unauthenticated attacker with physical access could bypass authentication because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this by configuring a smart card login to bypass Duo authentication, potentially allowing the use of any personal identity verification (PIV) smart card for authentication, even if not assigned to the authenticating user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.