PT-2024-2044 · Cisco · Cisco Duo Authentication For Windows Logon/Rdp

Published: 2024-03-06 · Updated: 2025-03-24 · CVE-2024-20301

CVSS v2.0: 6.5 (Medium)

Vector: AV:L/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Duo Authentication for Windows Logon and RDP (affected versions not specified)

Description

A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This issue is due to a failure to invalidate locally created trusted sessions after a reboot of the affected device. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device, potentially allowing access to the device without valid permissions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication
Insufficient Session Expiration

Related Identifiers

BDU:2024-01922
CVE-2024-20301

Affected Products

Cisco Duo Authentication For Windows Logon/Rdp