The flaw, tracked as CVE-2019-6145 and described as an unquoted search path issue, affects Forcepoint VPN Client for Windows versions prior to 6.6.1, which includes a patch.
The Forcepoint VPN Client provides a secure connection between endpoint devices and a gateway on the Forcepoint Next Generation Firewall (Forcepoint NGFW).
According to SafeBreach, when the client application is launched, a process named sgvpn.exe is executed with NT AUTHORITY\SYSTEM privileges. This process then attempts to run several executable files from “C:\” and the “C:\Program Files (x86)\Forcepoint\” folder.