CVE-2024-6594

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands. This issue affects Single Sign-On Client: through 12.7.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00016	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:watchguard:single_sign-on_client:*:*:*:*:*:windows:*:*

History

01 Oct 2024, 19:41

Type	Values Removed	Values Added
References	~~() https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00016 -~~	() https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00016 - Vendor Advisory
First Time		Watchguard Watchguard single Sign-on Client
CPE		cpe:2.3:a:watchguard:single_sign-on_client::::::windows::*

26 Sep 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de manejo inadecuado de condiciones excepcionales en WatchGuard Single Sign-On Client en Windows hace que el cliente se bloquee mientras maneja comandos malformados. Un atacante con acceso de red al cliente podría crear una condición de denegación de servicio para el servicio de inicio de sesión único al emitir repetidamente comandos malformados. Este problema afecta al cliente de inicio de sesión único: hasta la versión 12.7.

25 Sep 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-25 12:15

Updated : 2024-10-01 19:41

NVD link : CVE-2024-6594

Mitre link : CVE-2024-6594

CVE.ORG link : CVE-2024-6594

JSON object : View

Products Affected

watchguard

single_sign-on_client

CWE

CWE-755

Improper Handling of Exceptional Conditions

{"id": "CVE-2024-6594", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-09-25T12:15:05.397", "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00016", "tags": ["Vendor Advisory"], "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-755"}]}, {"type": "Secondary", "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands.\n\nThis issue affects Single Sign-On Client: through 12.7."}, {"lang": "es", "value": "La vulnerabilidad de manejo inadecuado de condiciones excepcionales en WatchGuard Single Sign-On Client en Windows hace que el cliente se bloquee mientras maneja comandos malformados. Un atacante con acceso de red al cliente podr\u00eda crear una condici\u00f3n de denegaci\u00f3n de servicio para el servicio de inicio de sesi\u00f3n \u00fanico al emitir repetidamente comandos malformados. Este problema afecta al cliente de inicio de sesi\u00f3n \u00fanico: hasta la versi\u00f3n 12.7."}], "lastModified": "2024-10-01T19:41:08.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:watchguard:single_sign-on_client:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "17A19E9E-0672-4673-BD4F-681E4C994EE7", "versionEndIncluding": "12.7"}], "operator": "OR"}]}], "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3"}