CVE-2025-20345

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20345
A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to system log files. An attacker could exploit this vulnerability by accessing logs on an affected system. A successful exploit could allow the attacker to view sensitive information that should be restricted. 

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-authproxlog-SxczXQ63
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682
Configurations

No configuration.

History

22 Aug 2025, 18:09

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en la función de registro de depuración de Cisco Duo Authentication Proxy podría permitir que un atacante remoto autenticado y con privilegios elevados acceda a información confidencial en un archivo de registro del sistema. Esta vulnerabilidad se debe a un enmascaramiento insuficiente de la información confidencial antes de que se escriba en los archivos de registro del sistema. Un atacante podría explotar esta vulnerabilidad accediendo a los registros de un sistema afectado. Una explotación exitosa podría permitirle acceder a información confidencial que debería estar restringida.

20 Aug 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-20 17:15

Updated : 2025-08-22 18:09

NVD link : CVE-2025-20345

Mitre link : CVE-2025-20345

CVE.ORG link : CVE-2025-20345

JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor