Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability (CVE-2024-20503)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability - Vulnerability ID: cisco-sa-duo-epic-info-sdLv6h8y - CVE Number: CVE-2024-20503 - CVSS Score: Base 5.5 2. Affected Products: - Affected Product: Cisco Duo Epic for Hyperdrive - Affected Version: 1.0 3. Vulnerability Impact: - Vulnerability Type: Information Disclosure - Vulnerability Description: Due to insecure storage of unencrypted registry keys, a low-privileged attacker can exploit this vulnerability by viewing or querying registry keys on affected systems. Successful exploitation allows attackers to view sensitive information in plaintext. 4. Remediation: - Fix Released: Cisco has released a software update to address this vulnerability. - Workaround: No workaround is available. 5. Affected Product List: - Confirmed Affected Products: Only the products listed in the Affected Products section. - Confirmed Unaffected Products: Products listed in the Affected Products section are confirmed unaffected. 6. Affected Software Versions: - Affected Software Version: 1.0 7. Exploitation and Public Announcements: - Exploitation: Cisco PSIRT is not aware of any public announcements or malicious exploitation of this vulnerability. - Public Announcement: None 8. Source: - External Researchers: Thank you to the external researchers who reported this vulnerability. 9. Related Links: - Security Vulnerability Policy: Link to the security vulnerability policy page. - Subscribe to Security Notifications: Link to the subscribe to security notifications page. 10. Revision History: - Revision Version: 1.0 - Revision Description: Initial public release. - Revision Status: Final - Revision Date: September 4, 2024 11. Disclaimer: - Disclaimer: This document is provided "as is" without warranty of any kind, including but not limited to the warranties of merchantability or fitness for a particular purpose. The use of this document or any materials linked to it is at the user's own risk. Cisco reserves the right to modify or update this document at any time. This information provides a detailed description of the vulnerability, affected products and software versions, remediation steps, and related links.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability (CVE-2024-20503)