How severe is CVE-2024-20301?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2024-20301?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2024-20301 - MEDIUM Severity | CVSS 6.2

Vulnerability Description

A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of the affected device. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permissions.

Related Vulnerabilities

CVE-2017-2329

MEDIUM

CVSS:6.2(Medium)

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certai...

CWE-2872017

CVE-2017-8214

MEDIUM

CVSS:6.2(Medium)

Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions ear...

CWE-2872017

CVE-2018-0008

MEDIUM

CVSS:6.2(Medium)

An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under...

CWE-2872018

CVE-2018-7940

MEDIUM

CVSS:6.2(Medium)

Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high ...

CWE-2872018

CVE-2024-23219

MEDIUM

CVSS:6.2(Medium)

The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.

CWE-2872024

CVE-2018-13434

MEDIUM

CVSS:6.3(Medium)

An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Bool...

CWE-2872018