CVE-2024-6592
Published: 25 September 2024
Summary
CVE-2024-6592 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in the WatchGuard Single Sign-On Client. Its CVSS base score is 9.1 (Critical).
Operationally, it ranks in the top 14.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47657
Vulnerability details
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass. This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Authorizing mobile device connections to organizational systems ensures authentication is performed for this critical access function.
The small, testable reference monitor reduces the likelihood of incorrect authorization implementations.
Auditing sessions makes it possible to detect access to critical functions without required authentication.
The assessment process confirms authentication is present and effective for critical functions, preventing exploitation from missing authentication.
Certification assesses that critical functions have required authentication controls in place.
Centralized authorization servers reduce incorrect authorization by enforcing consistent policies.
Policy mandates authentication and authorization for critical functions, ensuring these controls are not omitted for personnel-managed resources.
Explicit identification of critical functions enables targeted authentication requirements, preventing missing authentication for those functions.