Lucene search

WatchGuardCVE-2024-6593

HistorySep 25, 2024 - 12:15 p.m.

CVE-2024-6593

2024-09-2512:15:05

CWE-863

WatchGuard

web.nvd.nist.gov

vulnerability

authorization

watchguard

single sign-on

windows

network access

management commands

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

Percentile

9.6%

JSON

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands.
This issue affects Authentication Gateway: through 12.10.2.

Affected configurations

Nvd

Node

watchguardauthentication_gatewayRange≤12.10.2

VendorProductVersionCPE
watchguardauthentication_gateway*cpe:2.3:a:watchguard:authentication_gateway:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
watchguard	authentication_gateway	*	cpe:2.3:a:watchguard:authentication_gateway::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Authentication Gateway",
    "vendor": "WatchGuard",
    "versions": [
      {
        "lessThanOrEqual": "12.10.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00015

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-6593