Vulnerability Description
Forcepoint VPN Client for Windows versions earlier than 6.6.1 have an unquoted search path vulnerability that enables local privilege escalation to the SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us.
CVSS Score
6.7 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Forcepoint | VPN Client | < 6.6.1 |
Related Weaknesses (CWE)
References
- https://help.forcepoint.com/security/CVE/CVE-2019-6145.html (Vendor Advisory)
- https://safebreach.com/Post/Forcepoint-VPN-Client-for-Windows-Unquoted-Search-Pa (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-6145?
CVE-2019-6145 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators ca...
How severe is CVE-2019-6145?
CVE-2019-6145 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6145?
Check the references section above for vendor advisories and patch information. Affected products include: Forcepoint VPN Client.