Page 2 of 79 results (0.005 seconds)

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0

25 Sep 2024 — Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2. Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00015 • CWE-863: Incorrect Authorization •

CVSS: 9.4EPSS: 1%CPEs: 3EXPL: 1

25 Sep 2024 — Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4. • https://github.com/RedTeamPentesting/watchguard-sso-client • CWE-863: Incorrect Authorization •

CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0

09 Jul 2024 — A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3. Un desbordamiento del búfer en WatchGuard Fireware OS podría permitir que un atacante remoto autenticado con acceso de administración privilegiado ejecute código arbitrario con privilegios del sistema en el firewall. Este problema afecta al sistema operativo... • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00011 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

09 Jul 2024 — A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. Una vulnerabilidad de escalada de privilegios local en el cliente WatchGuard Mobile VPN con SSL en Windows permite a un usuario local ejecutar comandos arbitrarios con privilegios elevados. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00010 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

16 May 2024 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en WatchGuard AuthPoint Password Manager e... • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

05 Oct 2023 — An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. Se descubrió un problema en WatchGuard EPDR 8.0.21.0002. Debido a una implementación débil del manejo de mensajes entre los procesos de WatchGuard EPDR, es posible realizar una escalada de privilegios locales en Windows enviando un mensaje manipulado a un pipe... • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00004 • CWE-269: Improper Privilege Management •

CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0

05 Oct 2023 — An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. Se descubrió un problema en WatchGuard EPDR 8.0.21.0002. Es posible evitar las capacidades defensivas agregando una clave de registro como SYSTEMA. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00005 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

05 Oct 2023 — An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe. Se descubrió un problema en WatchGuard EPDR 8.0.21.0002. Es posible habilitar o deshabilitar capacidades defensivas enviando un mensaje manipulado a un pipe conocido. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00006 •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

05 Oct 2023 — An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user. Se descubrió un problema en WatchGuard EPDR 8.0.21.0002. Debido a una implementación débil de la verificación de contraseña, es posible obtener credenciales para acceder a la consola de administración como usuario sin privilegios. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00007 • CWE-273: Improper Check for Dropped Privileges •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

13 Jul 2023 — A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. Una vulnerabilidad de secuestro de DLL en Panda Security VPN para Windows anterior a la versión v15.14.8 permite a los atacantes ejecutar código arbitrario mediante la colocación de un archivo DLL manipulado en el mismo directorio que "PANDAVPN.exe". • https://heegong.github.io/posts/Local-privilege-escalation-in-Panda-Dome-VPN-for-Windows-Installer • CWE-427: Uncontrolled Search Path Element •