CVE-2024-20503

Summary

CVE-2024-20503 identifies a vulnerability in Cisco Duo Epic for Hyperdrive, allowing an authenticated local attacker to access sensitive information stored in cleartext due to improper storage of an unencrypted registry key. The affected products include Cisco Duo Epic for Hyperdrive, where a low-privileged user can exploit this vulnerability without needing user interaction. Successfully exploiting this flaw could lead to significant confidentiality breaches as it allows viewing sensitive data. To remediate the vulnerability, organizations should review and enhance the security measures surrounding registry key storage practices. The exploitability score is rated at 1.8, categorizing the severity as medium with high confidentiality impact potential.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.