
SECURITY BULLETIN: Cisco Duo Authentication for Windows Logon and RDP Information Vulnerability (CVE-2024-20292)

Written by Systems Engineering | May 07, 2024

Last October, Cisco announced a security vulnerability in its Duo Authentication for Windows Logon and RDP that impacted releases 4.0 through 4.2. In April, Cisco delivered a new release and a fix for CVE-2024-20292.

Cisco rates this vulnerability as MEDIUM.

Description

This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system, allowing the attacker to access sensitive, unencrypted information. 

View Cisco’s Security Advisory in full here: Cisco Duo Authentication for Windows Logon and RDP Information Disclosure Vulnerability

Scope

The following Cisco Duo Authentication for Windows Logon and RDP releases are affected:

| Cisco Duo Authentication for Windows Logon and RDP Release | First Fixed Release |
|---|---|
| 3.1.2 and earlier | Not vulnerable. |
| 4.0.0 through 4.0.7 | Migrate to a fixed release. |
| 4.1.0 through 4.1.3 | Migrate to a fixed release. |
| 4.2.0 through 4.2.2 | Migrate to a fixed release. |
| 4.3.0 and later | Not vulnerable. |

(Table credit: Cisco) 
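To check a Windows host against the table above, the following added example (not Cisco's or Systems Engineering's code) reads the installed version from the standard Uninstall registry keys and classifies it. The function name Get-DuoWinLogonStatus is hypothetical, and the display-name pattern "Duo Authentication for Windows Logon*" is an assumption about how the installer registers itself.

```powershell
# Added example. Ranges are copied from the affected-release table in this bulletin.
$AffectedRanges = @(
    @{ Low = [version]'4.0.0'; High = [version]'4.0.7' },
    @{ Low = [version]'4.1.0'; High = [version]'4.1.3' },
    @{ Low = [version]'4.2.0'; High = [version]'4.2.2' }
)

function Get-DuoWinLogonStatus {   # hypothetical helper name
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Version)
    $parsed = $null
    if (-not [version]::TryParse($Version, [ref]$parsed)) {
        return 'Unknown: version not parseable'
    }
    # Compare on major.minor.build only; a missing build field is treated as 0
    # and any fourth (revision) field is ignored.
    $v = [version]::new($parsed.Major, $parsed.Minor, [Math]::Max($parsed.Build, 0))
    foreach ($r in $AffectedRanges) {
        if ($v -ge $r.Low -and $v -le $r.High) {
            return 'AFFECTED: migrate to a fixed release'
        }
    }
    if ($v -le [version]'3.1.2' -or $v -ge [version]'4.3.0') {
        return 'Not vulnerable'
    }
    # Versions the table does not list (for example between 3.1.2 and 4.0.0).
    return 'Not listed in the table: check the Cisco advisory'
}

# Constructed sample versions, so each outcome can be seen on any machine.
'3.1.2', '4.0.7', '4.1.3.0', '4.2.2', '4.0.8', '4.3.1' | ForEach-Object {
    '{0,-8} {1}' -f $_, (Get-DuoWinLogonStatus -Version $_)
}

# Local inventory: 64-bit and 32-bit Uninstall keys (standard Windows locations).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Duo Authentication for Windows Logon*' } |  # assumed name
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Product  = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-DuoWinLogonStatus -Version "$($_.DisplayVersion)"
        }
    }
```

A host that returns no inventory rows either does not have the product installed or registers it under a different display name, so confirm the pattern on one known Duo host before relying on the result.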

Course of Action

Cisco recommends that users update to the latest version of Duo Authentication for Windows Logon and RDP, version 4.3.1, to mitigate this risk and avoid exploitation of this vulnerability.

For Systems Engineering clients who have Cisco Duo deployed and have SE Essentials, our secure productivity platform, we will be proactively upgrading you to the latest release. We will contact you with details on the remediation effort and scheduling.

For all others, we recommend having your affected system migrated to the latest release. If you would like our assistance, please reach out to Systems Engineering Customer Service at 207.772.4199 to have a ticket opened to get your system updated.    

If you are a Systems Engineering client and have questions about this Security Alert, please contact your Account Manager.