A serious security flaw in Cisco Duo Authentication for Windows Logon and Remote Desktop Protocol (RDP) has been brought to the attention of the Pakistan Telecommunication Authority (PTA). The vulnerability, known as CVE-2024-20301, has the potential to provide unauthorized access to Windows devices by allowing attackers with local access to circumvent secondary authentication.

According to the alert, the vulnerability arises from the system's failure to invalidate locally created trusted sessions when a device reboots. This means that an attacker who possesses the primary user's credentials can exploit it. Systems using versions lower than 4.2.0 and those not upgraded to the most recent patched version, 4.3.0, are impacted by the problem. Cisco has released software patches in response to this issue.

 

PTA recommends that administrators and users upgrade their systems right away. As advised by Cisco, they should additionally reset the registry key on the impacted devices. On the Cisco website, there are comprehensive instructions for changing the secret key for a Directory Sync or Duo-Protected Application.

This threat, which affects Cisco Duo Authentication for Windows Logon and RDP versions 4.2.0 through 4.2.2, has been categorized by PTA as an "Authentication Bypass / Security Vulnerability." The attack vector is a bypass of local authentication. The advisory urges users to stay alert and upgrade their systems as soon as possible. Visit the Cisco bulletin regarding this issue for advice and more in-depth details. Report any security incidents via email and through the PTA CERT Portal.
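
To find hosts still in the version range the advisory lists, an inventory check like the following can be run on each Windows machine. It is an added example, not code from PTA or Cisco; it assumes the product registers under the standard Uninstall registry keys with a DisplayName beginning "Duo Authentication for Windows Logon", and the function name `Get-DuoLogonStatus` is hypothetical.

```powershell
# Added example: classify an installed Duo for Windows Logon version against
# the range named in the advisory (4.2.0 through 4.2.2 affected, 4.3.0 patched).
$AffectedMin = [version]'4.2.0'
$AffectedMax = [version]'4.2.2'
$FixedIn     = [version]'4.3.0'

function Get-DuoLogonStatus {
    param([string]$VersionString)
    $v = $null
    # Keep only the first three numeric fields so "4.2.1.0" compares like "4.2.1".
    $m = [regex]::Match($VersionString, '^\d+\.\d+\.\d+')
    if (-not $m.Success -or -not [version]::TryParse($m.Value, [ref]$v)) {
        return 'Unknown (version missing or unparseable)'
    }
    if ($v -ge $FixedIn) { return 'Patched' }
    if ($v -ge $AffectedMin -and $v -le $AffectedMax) {
        return 'AFFECTED: upgrade to 4.3.0'
    }
    # Anything else is not covered by the 4.2.0-4.2.2 range; do not guess.
    return 'Outside listed range: check the Cisco bulletin'
}

# Assumption: the installer writes a standard Uninstall entry (64- or 32-bit view).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$found = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Duo Authentication for Windows Logon*' }

if (-not $found) {
    Write-Output 'Duo Authentication for Windows Logon not found on this host.'
}
foreach ($app in $found) {
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Product  = $app.DisplayName
        Version  = $app.DisplayVersion
        Status   = Get-DuoLogonStatus -VersionString ([string]$app.DisplayVersion)
    }
}
```

The output objects can be piped to `Export-Csv` when the check is run across a fleet, so hosts reporting `AFFECTED` can be queued for the upgrade.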
