CVE-2019-6145
First published: Fri Sep 20 2019(Updated: )
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us.
Credit: psirt@forcepoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Forcepoint Vpn Client | <6.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-6145?
CVE-2019-6145 is a vulnerability in Forcepoint VPN Client for Windows versions lower than 6.6.1 that allows local privilege escalation to the SYSTEM user.
How severe is CVE-2019-6145?
CVE-2019-6145 has a severity value of 6.7, which is considered high.
How can I fix CVE-2019-6145?
To fix CVE-2019-6145, update your Forcepoint VPN Client to version 6.6.1 or higher.
Who discovered CVE-2019-6145?
CVE-2019-6145 was discovered by Peleg Hadar of SafeBreach Labs.
What is the Common Weakness Enumeration (CWE) for CVE-2019-6145?
The Common Weakness Enumeration (CWE) for CVE-2019-6145 is CWE-428.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/forcepoint
- canonical/forcepoint vpn client