CVE-2024-6592

Summary

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.

Affected Software

VendorProductVersion RangeStatus
WatchGuardAuthentication Gateway0 <= 12.10.2affected
WatchGuardSingle Sign-On Client0 <= 12.7affected
WatchGuardSingle Sign-On Client0 <= 12.5.4affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References