Incorrect Authorization vulnerability in WatchGuard Authentication Gateway allows Authentication Bypass
CVE-2024-6592
9.1 CRITICAL
Key Information
- Vendor: WatchGuard
- Status
- Single Sign-on Client
- Authentication Gateway
- Vendor
- CVE Published: 25 September 2024
Badges
👾 Exploit Exists 🔴 Public PoC
Summary
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass. This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published.
- 👾 Exploit exists.
Collectors
NVD Database
1 Proof of Concept(s)