Lucene search

WatchGuardVULNRICHMENT:CVE-2024-6594

HistorySep 25, 2024 - 11:22 a.m.

CVE-2024-6594 WatchGuard Firebox Single Sign-On Client Denial-of-Service

2024-09-2511:22:45

CWE-755

WatchGuard

github.com

watchguard

single sign-on

dos

vulnerability

windows

network access

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands.

This issue affects Single Sign-On Client: through 12.7.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:watchguard:single_sign-on_client:*:*:*:*:*:windows:*:*"
    ],
    "vendor": "watchguard",
    "product": "single_sign-on_client",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "12.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00016

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-6594