Rewterz Threat Advisory – CVE-2022-20662 – Cisco Duo for macOS Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-20662

Cisco Duo for macOS could allow a local attacker to bypass security restrictions, caused by the assigned user of a smart card not being properly matched with the authenticating user. By configuring a smart card login to bypass Duo authentication, an attacker could exploit this vulnerability to use any personal identity verification (PIV) smart card for authentication.

Impact

• Security Bypass

Indicators Of Compromise

CVE

• CVE-2022-35280

Affected Vendors

Cisco

Affected Products

Cisco Duo for macOS

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.

Cisco Security Advisory