Advertisement
Top
image credit: Flickr

Vulnerability Patched in Forcepoint VPN Client for Windows

September 20, 2019

Via: Security Week
Category:

The flaw, tracked as CVE-2019-6145 and described as an unquoted search path issue, affects Forcepoint VPN Client for Windows versions prior to 6.6.1, which includes a patch.

The Forcepoint VPN Client provides a secure connection between endpoint devices and a gateway on the Forcepoint Next Generation Firewall (Forcepoint NGFW).

According to SafeBreach, when the client application is launched, a process named sgvpn.exe is executed with NT AUTHORITY\SYSTEM privileges. This process then attempts to run several executable files from “C:\” and the “C:\Program Files (x86)\Forcepoint\” folder.

Read More on Security Week

RELATED PUBLICATIONS

Palo Alto Networks Warns of Exploited Firewall Vulnerability
Detecting Windows-based Malware Through Better Visibility
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Latest Publications

The importance of the Vulnerability Operations Centre for cybersecurity
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
FIN7 targeted a large U.S. carmaker with phishing attacks
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!