CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5974 – Firebox Authenticated Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-5974
A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3. Un desbordamiento del búfer en WatchGuard Fireware OS podría permitir que un atacante remoto autenticado con acceso de administración privilegiado ejecute código arbitrario con privilegios del sistema en el firewall. Este problema afecta al sistema operativo Fireware: desde 11.9.6 hasta 12.10.3. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00011 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4944 – Mobile VPN with SSL Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4944
A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. Una vulnerabilidad de escalada de privilegios local en el cliente WatchGuard Mobile VPN con SSL en Windows permite a un usuario local ejecutar comandos arbitrarios con privilegios elevados. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00010 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1417 – Local Code Injection Vulnerability in AuthPoint Password Manager App for macOS Safari
https://notcve.org/view.php?id=CVE-2024-1417
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en WatchGuard AuthPoint Password Manager en MacOS permite a un adversario con acceso local ejecutar código en el contexto de la aplicación AuthPoint Password Manager. Este problema afecta a AuthPoint Password Manager para versiones de MacOS anteriores a la 1.0.6. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26236
https://notcve.org/view.php?id=CVE-2023-26236
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. Se descubrió un problema en WatchGuard EPDR 8.0.21.0002. Debido a una implementación débil del manejo de mensajes entre los procesos de WatchGuard EPDR, es posible realizar una escalada de privilegios locales en Windows enviando un mensaje manipulado a un pipe conocido. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00004 •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26237
https://notcve.org/view.php?id=CVE-2023-26237
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. Se descubrió un problema en WatchGuard EPDR 8.0.21.0002. Es posible evitar las capacidades defensivas agregando una clave de registro como SYSTEMA. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00005 • CWE-639: Authorization Bypass Through User-Controlled Key •