A privilege escalation vulnerability recently discovered in the Forcepoint VPN Windows client has been patched, the company confirmed.
Security researchers from SafeBreach Labs recently uncovered a new flaw in the client, tracked as CVE-2019-6145. Not only does the flaw grant attackers elevated privileges, it also allows them to persist on an infected system. According to the researchers, all versions prior to 6.6.0 are vulnerable.
The flaw is caused by the executable's path not being quoted where it is followed by its arguments on the command line. Because the path contains spaces, Windows splits the VPN service's startup command at those space characters when it parses it.
However, taking advantage of the vulnerability is not as easy as it sounds. The attacker would first need to plant a malicious executable in two locations within the operating system: C:\Program.exe and C:\Program Files (x86)\Forcepoint\VPN.exe. Writing to those locations means that admin privileges are necessary to begin with.
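The path-splitting described above is what auditors check for under the name "unquoted service path". As an added example (not code from the article, from SafeBreach or from Forcepoint), the Python script below reproduces the CreateProcess search order for an unquoted command line and turns it into a defender's audit: for each service start command it reports whether the executable path contains spaces without quotes and, if so, which file names Windows would try before reaching the intended binary, so those locations can be checked for write permissions and the path quoted. The service names and commands in SAMPLE_SERVICES are constructed; the Forcepoint-style path is a made-up one in the same shape as the two locations the article names, not the client's actual ImagePath. The script applies the general rule to every space in the path, so it also lists C:\Program Files.exe, a prefix the article does not mention.

```python
"""Audit Windows service command lines for unquoted executable paths.

Added example, not code from the article, SafeBreach or Forcepoint.
For every service start command it checks whether the executable path
contains spaces without being quoted and, if so, lists the file names the
service manager (through CreateProcess) would try before reaching the
intended binary.  Each such name is a location a defender must keep
non-writable by standard users; the real fix is to quote the path.
"""
import ntpath
import re
from typing import List, NamedTuple, Optional, Sequence, Tuple


class Finding(NamedTuple):
    service: str
    command: str
    intended_exe: str
    hijack_candidates: List[str]      # files tried before intended_exe
    directories_to_protect: List[str]  # parents of those files


# A ".exe" token that ends the executable part of a command line.
_EXE_RE = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def intended_executable(command: str) -> str:
    """Executable portion of an unquoted command line.

    Assumption: the executable ends at the first ".exe" token that is
    followed by whitespace or end of string; what follows are arguments.
    """
    match = _EXE_RE.search(command)
    return command if match is None else command[: match.end()]


def createprocess_candidates(unquoted_exe: str) -> List[str]:
    """Names CreateProcess tries, in order, for an unquoted path with spaces.

    For every space in the path the prefix before it is tried; when that
    prefix's last component carries no extension, ".exe" is appended.
    The intended path itself is the final attempt and is not included.
    """
    candidates = []
    for pos, ch in enumerate(unquoted_exe):
        if ch != " " or pos == 0:
            continue
        prefix = unquoted_exe[:pos]
        if "." not in ntpath.basename(prefix):
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def audit(service: str, command: str) -> Optional[Finding]:
    """Return a Finding when the command line has an exploitable shape."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return None                     # path is quoted: unambiguous
    exe = intended_executable(cmd)
    if " " not in exe:
        return None                     # no split point before the binary
    candidates = createprocess_candidates(exe)
    dirs = sorted({ntpath.dirname(c) for c in candidates})
    return Finding(service, cmd, exe, candidates, dirs)


def audit_services(entries: Sequence[Tuple[str, str]]) -> List[Finding]:
    """Run audit() over (service name, start command) pairs."""
    findings = []
    for name, cmd in entries:
        finding = audit(name, cmd)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample of (service name, start command) pairs, in the shape of
# Win32_Service.PathName values.  The Forcepoint-style path is made up to
# match the two locations named in the article; it is not the real ImagePath.
SAMPLE_SERVICES = [
    ("ExampleVPN", r"C:\Program Files (x86)\Forcepoint\VPN Client\vpn.exe"),
    ("VendorAgent", r"C:\Program Files\Vendor Tool\agent.exe --daemon"),
    ("Quoted", r'"C:\Program Files\Vendor\svc.exe" -service'),
    ("Svchost", r"C:\Windows\system32\svchost.exe -k netsvcs"),
]


if __name__ == "__main__":
    for f in audit_services(SAMPLE_SERVICES):
        print(f"[{f.service}] unquoted path with spaces: {f.intended_exe}")
        for c in f.hijack_candidates:
            print(f"    tried first: {c}")
        print(f"    keep non-writable: {', '.join(f.directories_to_protect)}")
```

On a live host, the pairs can be produced with `Get-CimInstance Win32_Service | Select-Object Name, PathName` in PowerShell and fed to `audit_services`; a finding whose `directories_to_protect` includes a directory that standard users can write to is the condition the article describes, and quoting the ImagePath removes every candidate at once.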
It took Forcepoint 11 days from the day the vulnerability was confirmed to issue a patch. The company published a security advisory three days later, on September 19.
All Forcepoint VPN users are advised to update their Windows clients to version 6.6.1 or higher as soon as possible.
“For organizations with Forcepoint VPN Clients, it is important to update the software to the latest release and to monitor devices with the compromised client. By looking at their network traffic patterns, it will be easy to spot the exploited devices,” commented Justin Jett, Director of Audit and Compliance at Plixer.