PT-2024-18027 · Watchguard · Watchguard Authpoint Password Manager

Yoko Kho

Published

2024-05-16

Updated

2024-05-17

CVE-2024-1417

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WatchGuard AuthPoint Password Manager for MacOS versions before 1.0.6

Description The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a 'Command Injection' vulnerability. This allows an adversary with local access to execute code under the context of the AuthPoint Password Manager application.

Recommendations For versions before 1.0.6, upgrade to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the AuthPoint Password Manager application until a patch is applied.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2024-1417

Affected Products

Watchguard Authpoint Password Manager

PT-2024-18027 · Watchguard · Watchguard Authpoint Password Manager

CVE-2024-1417

Weakness Enumeration

Related Identifiers

Affected Products

References · 6