Security Advisory Detail

WatchGuard SSO Agent Telnet Authentication Bypass

Advisory ID
WGSA-2024-00015
CVE
CVE-2024-6593
Impact
Critical
Status
Acknowledged
Product Family
Other Software
Published Date
Updated Date
Workaround Available
True
CVSS Score
9.1
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary

An incorrect authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands.

An attacker that has already gained network access could exploit this vulnerability to retrieve authenticated usernames and group memberships from the Single Sign-On Agent or tamper with the agent configuration. This vulnerability cannot be used by an attacker to gain access to user credentials.

WatchGuard is not aware of any exploitation of this vulnerability in the wild.

Affected

This issue affects the Authentication Gateway: through 12.10.2.

Workaround

An attacker must have already established network access to exploit this vulnerability. WatchGuard recommends using Windows Firewall rules to restrict TCP port 4114 network access to the Authentication Gateway to only allow connections from the Firebox.

Windows administrators can use Group Policy objects to add Windows firewall rules to their endpoints.

Credits
Found by RedTeam Pentesting GmbH
Advisory Product List
Product Family
Product Branch
Product List
Other Software
Authentication Gateway
Authentication Gateway