WatchGuard AuthPoint Password Manager Extension Version 1.0.5 and earlier for macOS Safari: Local Code Injection.
The AuthPoint Password Manager extension for macOS Safari, in versions before 1.0.6, has a local code injection vulnerability that could allow a local authenticated user to execute arbitrary commands in the context of the AuthPoint Password Manager extension.
Vendor / Vendor Homepage:
WatchGuard / watchguard[dot]com
Affected Products:
WatchGuard AuthPoint Password Manager Extension Version 1.0.5 and earlier
Fixed Version:
WatchGuard AuthPoint Password Manager Extension Version 1.0.6
CVE-ID:
CVE-2024-1417
CVSS Score:
7.8/High - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1417
https://nvd.nist.gov/vuln/detail/CVE-2024-1417
YoKo Kho and Zayd Alessa from HakTrak Cybersecurity Squad