Critical Flaw in Cisco Duo for Windows Login Puts Pakistani Users at Risk

The Pakistan Telecommunication Authority (PTA) issued a critical security warning today regarding a vulnerability in Cisco Duo Authentication for Windows Logon and Remote Desktop Protocol (RDP). This flaw, identified as CVE-2024-20301, could allow attackers with local access to bypass secondary authentication and gain unauthorized access to Windows devices used in Pakistan.

The advisory highlights a security gap where trusted sessions created locally are not invalidated after a system reboot. This creates an opportunity for attackers with valid user credentials to bypass the additional security layer provided by Cisco Duo’s multi-factor authentication (MFA).

The vulnerability primarily affects systems running versions of Cisco Duo Authentication for Windows Logon and RDP earlier than 4.2.0, or those not updated to the latest patched version, 4.3.0.

The PTA urges immediate action from users and administrators, as follows:

  • Update to the latest version (4.3.0): Patching your system with the latest update from Cisco is critical to address this vulnerability.
  • Reset Registry Key: Following Cisco’s recommended steps, reset the registry key on affected devices for enhanced security.
  • Refer to Cisco Resources: Cisco’s website provides detailed instructions on resetting the secret key for Duo-Protected Applications or Directory Sync.

The PTA emphasizes user vigilance and recommends visiting the official Cisco advisory for a comprehensive understanding of the vulnerability. In case of a suspected security incident, report it to the PTA CERT Portal and via email as advised by the authority.

This vulnerability poses a significant risk to Pakistani organizations relying on Cisco Duo for Windows Login and RDP. By implementing the recommended mitigation strategies promptly, users can significantly improve their security posture.
