Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-6592

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.

Published

2024-09-25T12:15:05.027

Last Modified

2024-10-01T16:06:09.937

Status

Analyzed

Source

5d1c2695-1a31-4499-88ae-e847036fd7e3

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-863
Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	watchguard	authentication_gateway	≤ 12.10.2	Yes
Application	watchguard	single_sign-on_client	≤ 12.5.4	Yes
Application	watchguard	single_sign-on_client	≤ 12.7	Yes

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014 Mitigation, Vendor Advisory (5d1c2695-1a31-4499-88ae-e847036fd7e3)