
Forcepoint VPN fixes escalation vulnerability in Windows client


A privilege escalation vulnerability recently discovered in the Forcepoint VPN client for Windows has been patched, the company confirmed.

Researchers at SafeBreach Labs recently uncovered the flaw, which is tracked as CVE-2019-6145. Because the vulnerable component is a Windows service, an attacker who exploits it gets code running with the service's privileges, and because the service is started again on every boot, the same planted binary also gives the attacker persistence on the infected machine. According to the researchers, all versions prior to 6.6.0 are vulnerable.

The flaw is an unquoted service path: the command line that starts the VPN client's service is stored without quotation marks around the executable's path, and that path contains spaces. When the service starts, Windows cannot tell where the path ends and the arguments begin, so it splits the command line at each space and tries the resulting prefixes (with .exe appended) as executables, in order, before it reaches the intended binary.

However, taking advantage of the vulnerability is not as easy as it sounds. The attacker first has to plant a malicious executable at one of the locations Windows probes before the real binary: C:\Program.exe or C:\Program Files (x86)\Forcepoint\VPN.exe. Writing to either location requires administrator privileges, so the bug does not hand an ordinary user admin rights; its value is to an attacker who already has admin and wants to run code with the service's (higher) privileges and keep it running across reboots.
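The following is an added example, not code from the article, SafeBreach Labs or Forcepoint. It implements the search rule Windows applies to an unquoted command line (at every whitespace, take the prefix, append .exe if it has no extension, and try that before moving on) and runs it over constructed registry-style ImagePath values. The full path of the Forcepoint service binary is not given on the page, so the Forcepoint entry below is an assumption chosen to reproduce the two locations the article names; the other entries are made-up controls. The check goes slightly beyond the article: it also shows the third prefix Windows tries (C:\Program Files.exe), handles trailing arguments, and shows the quoted form that removes the ambiguity.

```python
"""Unquoted service path audit: which files would Windows try before the real binary?"""
from __future__ import annotations

import ntpath
import re

# Constructed sample data shaped like HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
# The Forcepoint path is an ASSUMPTION (the article does not give it); the rest are controls.
SAMPLE_SERVICES: dict[str, str] = {
    "forcepoint-vpn (assumed path)": r"C:\Program Files (x86)\Forcepoint\VPN Client\vpnservice.exe",
    "quoted-ok": r'"C:\Program Files\Vendor\Good Agent\agent.exe" -service',
    "no-space": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "unquoted-with-args": r"C:\Tools\Backup Agent\backup.exe --daemon",
}

_WS = re.compile(r"\s")


def hijack_candidates(image_path: str) -> list[str]:
    """Return the paths CreateProcess would probe before reaching the intended .exe.

    Rule (documented for CreateProcess): for an unquoted command line, at each
    whitespace the prefix is tried as a program, with ".exe" appended when the
    last component has no extension. A quoted path is taken verbatim, so it
    yields no candidates. The search stops at the first prefix that is itself
    the .exe, so arguments after the binary add nothing.
    """
    cmd = image_path.strip()
    if cmd.startswith('"'):
        return []
    candidates: list[str] = []
    for match in _WS.finditer(cmd):
        prefix = cmd[: match.start()]
        if not prefix or prefix[-1].isspace():
            continue  # runs of whitespace do not create a new prefix
        if prefix.lower().endswith(".exe"):
            break  # this prefix is the real binary; Windows stops here
        if "." not in ntpath.basename(prefix):
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def quote_image_path(image_path: str) -> str:
    """Hardened form: wrap the executable in quotes, keep the arguments as-is."""
    cmd = image_path.strip()
    if cmd.startswith('"'):
        return cmd
    for match in _WS.finditer(cmd):
        if cmd[: match.start()].lower().endswith(".exe"):
            return f'"{cmd[: match.start()]}"{cmd[match.start():]}'
    return f'"{cmd}"'


def audit(services: dict[str, str]) -> dict[str, list[str]]:
    """Map each service with an exploitable ImagePath to the files an attacker would plant."""
    findings: dict[str, list[str]] = {}
    for name, image_path in services.items():
        candidates = hijack_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(f"[!] {name}: unquoted path with spaces")
        for p in paths:
            print(f"      attacker could plant: {p}")
        print(f"      fix: ImagePath = {quote_image_path(SAMPLE_SERVICES[name])}")
```

On a real host the same logic would be fed the ImagePath values read from the Services registry key; the candidate list is then worth pairing with a check of who can write to each candidate's parent directory, since, as the article notes, the root of the system drive and Program Files are only writable by administrators on a default install.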

It took Forcepoint 11 days from the day the vulnerability was confirmed to issue a patch. The company published a security advisory three days later, on September 19.

All Forcepoint VPN users are advised to update their Windows clients to version 6.6.1 or higher as soon as possible.

“For organizations with Forcepoint VPN Clients, it is important to update the software to the latest release and to monitor devices with the compromised client. By looking at their network traffic patterns, it will be easy to spot the exploited devices,” commented Justin Jett, Director of Audit and Compliance at Plixer.

Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focused news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.