Cisco for Windows and RDP Let Attacker Bypass Authentication


A critical vulnerability, CVE-2024-20301 has been identified in Cisco Duo Authentication for Windows Logon and Remote Desktop Protocol (RDP), posing a security risk to affected systems.

This flaw could allow an authenticated, local attacker to bypass secondary authentication mechanisms and gain unauthorized access to Windows devices.

The vulnerability stems from a failure to invalidate locally created trusted sessions after a device reboot, enabling attackers with primary user credentials to exploit this weakness successfully.

The vulnerability impacts Cisco Duo Authentication for Windows Logon and RDP versions 4.2.0 through 4.2.2. Systems running earlier versions than 4.2.0 or the latest patched version, 4.3.0, are not vulnerable to this exploit.

The risk associated with this vulnerability is exceptionally high due to the potential for attackers to gain access to sensitive information and systems without valid permissions, posing a significant threat to organizational security and data integrity.

Cisco’s Response and Software Updates

In response to the discovery of this vulnerability, Cisco has released software updates to address the issue, with no workarounds available.

The company advises customers to consult the Cisco Security Advisories page regularly for advisories on Cisco products to determine exposure and complete upgrade solutions.

Document

Integrate ANY.RUN in your company for Effective Malware Analysis

Malware analysis can be fast and simple. Just let us show you the way to:

  • Interact with malware safely
  • Set up virtual machine in Linux and all Windows OS versions
  • Work in a team
  • Get detailed reports with maximum data
  • If you want to test all these features now with completely free access to the sandbox: ..

Customers must ensure that their devices have sufficient memory and that the new release will support current hardware and software configurations.

Contacting the Cisco Technical Assistance Center (TAC) or contracted maintenance providers is recommended for any uncertainties.

Fixed Software Releases

Cisco has provided detailed information on the fixed software releases for affected versions:

  • Versions earlier than 4.2.0: Not vulnerable.
  • Versions 4.2.0 through 4.2.2: Customers are advised to migrate to a fixed release.
  • Version 4.3.0: Not vulnerable.

This information is critical for administrators to ensure that their systems are updated to the latest, secure versions, mitigating the risk posed by this vulnerability.

Recommendations for Administrators

Administrators are urged to update affected systems to the latest software release as soon as possible. Additionally, Cisco Duo recommends rotating the registry key on affected devices as an immediate security measure.

This can be accomplished by navigating to the protected application in the Duo Admin Panel and clicking “Reset Secret Key.”

For more detailed instructions on this process, Cisco provides resources on resetting the secret key for a Duo-Protected Application or Directory Sync.

The discovery of this vulnerability in Cisco Duo Authentication for Windows Logon and RDP underscores the importance of maintaining up-to-date software and adhering to best security practices.

By promptly applying the provided software updates and following Cisco’s recommendations, administrators can protect their systems from potential exploitation and ensure the security of their organization’s data and resources.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.





Source link