// For flags

CVE-2024-1417

Local Code Injection Vulnerability in AuthPoint Password Manager App for macOS Safari

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application.
This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6.

La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en WatchGuard AuthPoint Password Manager en MacOS permite a un adversario con acceso local ejecutar código en el contexto de la aplicación AuthPoint Password Manager. Este problema afecta a AuthPoint Password Manager para versiones de MacOS anteriores a la 1.0.6.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-02-09 CVE Reserved
  • 2024-05-16 CVE Published
  • 2024-05-17 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
  • CAPEC-251: Local Code Inclusion
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
WatchGuard
Search vendor "WatchGuard"
AuthPoint Password Manager
Search vendor "WatchGuard" for product "AuthPoint Password Manager"
<= 1.0.5
Search vendor "WatchGuard" for product "AuthPoint Password Manager" and version " <= 1.0.5"
en
Affected