How severe is CVE-2023-20123?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2023-20123?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2023-20123 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device.

Related Vulnerabilities

CVE-2022-29475

MEDIUM

CVSS:4.7(Medium)

An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to ...

CWE-2942022

CVE-2025-47706

MEDIUM

CVSS:4.8(Medium)

Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from ...

CWE-2942025

CVE-2025-48012

MEDIUM

CVSS:4.8(Medium)

Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.

CWE-2942025

CVE-2021-46835

MEDIUM

CVSS:4.3(Medium)

There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.

CWE-2942021

CVE-2024-38272

HIGH

CVSS:4.3(Medium)

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the use...

CWE-2942024

CVE-2020-14302

MEDIUM

CVSS:4.9(Medium)

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the ...

CWE-2942020