CVE-2019-6145
Summary
| CVE | CVE-2019-6145 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-09-20 20:15:00 UTC |
| Updated | 2022-04-18 16:15:00 UTC |
| Description | Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. |
Risk And Classification
Problem Types: CWE-428
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Forcepoint | Vpn Client | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Forcepoint VPN Client for Windows - Unquoted Search Path and Potential Abuses (CVE-2019-6145) | MISC | safebreach.com | Exploit, Third Party Advisory |
| Security Advisory: Unquoted search path vulnerability in Forcepoint VPN Client for Windows (CVE-2019-6145) | CONFIRM | help.forcepoint.com | |
| KB Article \| Forcepoint Support | CONFIRM | support.forcepoint.com | Mitigation, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.