CVE-2023-20229

Name of the Vulnerable Software and Affected Versions Cisco Duo Device Health Application for Windows (affected versions not specified)

Description A vulnerability in the CryptoService function could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This issue is due to insufficient input validation, allowing an attacker to exploit the vulnerability by executing a directory traversal attack. A successful exploit could result in a denial of service (DoS) condition or data loss on the affected system, as an attacker could use a cryptographic key to overwrite arbitrary files with SYSTEM-level privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.