Lucene search

WatchGuardCVELIST:CVE-2024-6594

HistorySep 25, 2024 - 11:22 a.m.

CVE-2024-6594 WatchGuard Firebox Single Sign-On Client Denial-of-Service

2024-09-2511:22:45

CWE-755

WatchGuard

www.cve.org

watchguard

single sign-on

windows

denial-of-service

vulnerability

network access

malformed commands

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.6%

JSON

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands.

This issue affects Single Sign-On Client: through 12.7.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Single Sign-On Client",
    "vendor": "WatchGuard",
    "versions": [
      {
        "lessThanOrEqual": "12.7",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00016

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-6594