History: Sep 25, 2024 - 11:16 a.m.

CVE-2024-6593 WatchGuard Firebox Single Sign-On Agent Management Interface Authentication Bypass

2024-09-25 11:16:15
CWE-863
WatchGuard
github.com
8
cve-2024-6593
watchguard
authentication gateway
windows
network access
management commands

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.2
Confidence: High

EPSS: 0
Percentile: 9.6%

SSVC

Exploitation: none
Automatable: yes
Technical Impact: total

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands.
This issue affects Authentication Gateway: through 12.10.2.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:watchguard:authentication_gateway:*:*:*:*:*:*:*:*"
    ],
    "vendor": "watchguard",
    "product": "authentication_gateway",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "12.10.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
