Incorrect Authorization in WatchGuard Authentication Gateway on Windows
CVE-2024-6593

9.1CRITICAL

Key Information:

Vendor: Watchguard
Status: Authentication Gateway
Vendor: CVE Published:; 25 September 2024

Summary

An incorrect authorization vulnerability exists in WatchGuard Authentication Gateway (commonly known as the Single Sign-On Agent) for Windows, which allows a malicious actor with network access to execute restricted management commands. This flaw poses a significant risk to system integrity and security as attackers can exploit it to manipulate critical configuration settings and gain unauthorized control over the system. The affected versions include Authentication Gateway through 12.10.2, highlighting the importance of prompt updates to safeguard against potential exploitation.

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2024