CVE-2023-20123
MEDIUMCisco Duo < 2.0.1 & Duo Authentication for Windows Logon and RDP < 4.2.2 - Authentication Bypass via Session Replay
Title source: llmDescription
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-replay-knuNKd
Scores
CVSS v3
6.3
EPSS
0.0025
EPSS Percentile
15.7%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-294
Status
published
Products (2)
cisco/duo
< 2.0.1
cisco/duo_authentication_for_windows_logon_and_rdp
< 4.2.2
Published
Apr 05, 2023
Tracked Since
Feb 18, 2026