Lucene search

WatchGuardVULNRICHMENT:CVE-2024-1417

HistoryMay 16, 2024 - 5:56 p.m.

CVE-2024-1417 Local Code Injection Vulnerability in AuthPoint Password Manager App for macOS Safari

2024-05-1617:56:43

CWE-77

WatchGuard

github.com

code injection

authpoint password manager

macos safari

vulnerability

command injection

local access

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application.
This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:watchguard:authpoint_password_manager:1.0.6:*:*:*:*:*:*:*"
    ],
    "vendor": "watchguard",
    "product": "authpoint_password_manager",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.6*",
        "lessThan": "1.0.6",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-1417