← Retour aux CVEs

CVE-2019-6145

MEDIUM

6.7

Description

Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us.

Details CVE

Score CVSS v3.16.7

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisHIGH

Interaction utilisateurNONE

Publie9/20/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

forcepoint:vpn_client

Faiblesses (CWE)

CWE-428

References

https://help.forcepoint.com/security/CVE/CVE-2019-6145.html(psirt@forcepoint.com)

https://safebreach.com/Post/Forcepoint-VPN-Client-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-6145(psirt@forcepoint.com)

https://help.forcepoint.com/security/CVE/CVE-2019-6145.html(af854a3a-2127-422b-91ae-364da2661108)

https://safebreach.com/Post/Forcepoint-VPN-Client-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-6145(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.