Lucene search

WatchGuardCVE-2024-6594

HistorySep 25, 2024 - 12:15 p.m.

CVE-2024-6594

2024-09-2512:15:05

CWE-755

WatchGuard

web.nvd.nist.gov

watchguard

single sign-on

exceptional conditions

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.6%

JSON

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands.

This issue affects Single Sign-On Client: through 12.7.

Affected configurations

Nvd

Node

watchguardsingle_sign-on_clientRange≤12.7windows

VendorProductVersionCPE
watchguardsingle_sign-on_client*cpe:2.3:a:watchguard:single_sign-on_client:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
watchguard	single_sign-on_client	*	cpe:2.3:a:watchguard:single_sign-on_client::::::windows::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Single Sign-On Client",
    "vendor": "WatchGuard",
    "versions": [
      {
        "lessThanOrEqual": "12.7",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00016

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-6594