CVE-2024-1417

EUVD-2024-17171
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application.
This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
watchguardauthpoint_password_manager
1.0.6* ≤
𝑥
< 1.0.6
ADP
Common Weakness Enumeration
References
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006