Advisories address critical vulnerabilities which could lead to authentication bypass, authorisation bypass, or denial-of-service

Threat ID:CC-4555

Threat Severity:Medium

Published:30 September 2024 3:37 PM

Summary

Affected platforms

The following platforms are known to be affected:

WatchGuard Firebox

WatchGuard Authentication Gateway (also known as Single Sign-on Agent) | through 12.10.2
WatchGuard Single Sign-on Client for Windows | through 12.7
WatchGuard Single Sign-On Client for MacOS | through 12.5.4

Threat details

Proof-of-Concept exploit for CVE-2024-6592, CVE-2024-6593 & CVE-2024-6594

Proof-of-concept code is publicly available and exploitation is considered more likely.

Introduction

WatchGuard has released security advisories addressing three vulnerabilities affecting Firebox SSO product lines. The vulnerabilities affect Firebox Authentication Gateway, also known as the Single Sign-On Agent, as well as the Single Sign-On Client on Windows and MacOS. WatchGuard Firebox is product line of physical and virtual firewalls with Single Sign-on capabilities.

Vulnerability Details

CVE-2024-6592 has a CVSSv3 score of 9.1 and is an incorrect authorisation vulnerability in the protocol communication between the gateway and client and could allow an attacker with network access to forge communication to the affected components, potentially leading to authorisation bypass.
CVE-2024-6593 has a CVSSv3 score of 9.1 and is an incorrect authorisation vulnerability in the authentication gateway on Windows and could allow an attacker with network access to execute restricted management commands, potentially leading to authentication bypass.
CVE-2024-6594 has a CVSSv3 score of 7.5 is an improper handling of exceptional conditions vulnerability in the Single Sign-On Client on Windows which causes the client to crash while handling malformed commands, potentially leading to denial-of-service.

Remediation advice

Affected organisations are encouraged to review the WatchGuard Security Advisories page and apply the relevant workarounds detailed in the advisories below.

Remediation steps


Guidance	WatchGuard Firebox Single Sign-On Agent Protocol Authorization Bypass \| wgsa-2024-00014 https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014
Guidance	WatchGuard SSO Agent Telnet Authentication Bypass \| WGSA-2024-00015 https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00015
Guidance	WatchGuard Firebox Single Sign-On Client Denial-of-Service \| WGSA-2024-00016 https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00016

Definitive source of threat updates

https://www.watchguard.com/wgrd-psirt/advisories

CVE Vulnerabilities

StatusPublished

CVE-2024-6594Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands. This issue affects Single Sign-On Client: through 12.7.

StatusPublished

CVE-2024-6593Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2.

StatusPublished

CVE-2024-6592Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.

Last edited: 30 September 2024 3:37 pm