AuthPoint Password Manager Vulnerable to Command Injection Attacks
CVE-2024-1417

7.8HIGH

Key Information:

Vendor: Watchguard
Status: AutHPoint Password Manager
Vendor: CVE Published:; 16 May 2024

What is CVE-2024-1417?

A command injection vulnerability has been identified in WatchGuard AuthPoint Password Manager for MacOS, allowing local adversaries to manipulate input parameters and potentially execute arbitrary code within the application. This flaw affects all versions prior to 1.0.6, thus posing significant security risks for users who have not updated to the latest version. Users are advised to promptly apply the necessary patches to mitigate the risk associated with this vulnerability.

Affected Version(s)

AuthPoint Password Manager MacOS 0 <= 1.0.5

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Feb 9, 2024

Watchguard

What is CVE-2024-1417?

Affected Version(s)

References

CVSS V3.1

Timeline