SecuriTricks - CVE-2024-6592

Description

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.

Product(s) Impacted

Vendor	Product	Versions
Watchguard	Authentication Gateway Single Sign-on Client	* *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	watchguard	authentication_gateway	/	/	/	/	/	/	/	/
a	watchguard	single_sign-on_client	/	/	/	/	/	macos	/	/
a	watchguard	single_sign-on_client	/	/	/	/	/	windows	/	/

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014

CVSS Score

9.1 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

View Vector String

Timeline

Published: Sept. 25, 2024, 12:15 p.m.
Last Modified: Oct. 1, 2024, 4:06 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

5d1c2695-1a31-4499-88ae-e847036fd7e3

CVE-2024-6592