Friday, March 5, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Privilege escalation vulnerability patched in Forcepoint VPN for Windows

September 23, 2019
in Internet Security
Privilege escalation vulnerability patched in Forcepoint VPN for Windows
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Chinese hackers are scanning the internet for Fortinet and Pulse Secure VPN servers
Security researchers spot Chinese state-sponsored hackers going after high-end enterprise VPN servers.

A patch has been issued to resolve a privilege escalation vulnerability in Forcepoint VPN Client software for Windows. 

You might also like

Ransomware as a service is the new big problem for business

Microsoft: We’re cracking down on Excel macro malware

Twitter and Twitch added to list of those concerned with Australia’s Online Safety Bill

Last week, cybersecurity researchers from SafeBreach Labs disclosed the security flaw, tracked as CVE-2019-6145, and said the bug could be used not only to escalate an attacker’s privileges but also to maintain persistence on an infected system. 

Described as an unquoted search path vulnerability and awarded a CVSSv3 base severity score of 6.5, the problem exists in Forcepoint VPN Client for Windows software versions 6.6.0 and earlier. 

See also: VPN services: The ultimate guide to protecting your data on the Internet

In the client software of the virtual private network (VPN) system, previously known as Stonesoft VPN Client, a coding issue meant that during boot sequences on Windows machines, the VPN incorrectly attempts to execute programs from C:Program.exe and C:Program Files (x86)ForcepointVPN.exe. 

The client runs the signed sgvpn.exe Windows service as NT AUTHORITYSYSTEM, and this requires administrator levels of permission. 

Should a threat actor plant a malicious executable in either of the aforementioned locations, the software would automatically execute it, which enables system-level privilege escalation.

It is worth noting that to exploit the vulnerability, a local attacker must already have admin privileges to plant the payloads. However, if they pull off an attack, this can lead to malicious executables being launched every time the VPN is being loaded, as well as application whitelisting bypass.  

CNET: Facebook suspends tens of thousands of apps following Cambridge Analytica scandal

In order to test the flaw, SafeBreach Labs crafted a Proof-of-Concept (PoC) unsigned .exe file. When a vulnerable version of the VPN was launched, the file was executed as NT AUTHORITYSYSTEM by the legitimate Forcepoint application.

The root cause of the bug is a lack of a quoted string between the executable’s path and arguments on the command line, causing a Forcepoint VPN startup process to split itself when space characters are parsed. 

The researchers reported their findings to Forcepoint on September 5 and the company confirmed the vulnerability’s validity on the same day. A CVE was issued by September 16, and after a patch was issued, Forcepoint released a security advisory on September 19. 

TechRepublic: Organizations struggle to manage cyberthreats without automation

It is recommended that Forcepoint VPN users upgrade to version 6.6.1 or higher to protect themselves from compromise. 

ZDNet has reached out to Forcepoint with additional queries and will update when we hear back.

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Credit: Zdnet

Previous Post

AWS Announces General Availability of Amazon EC2 G4 Instances

Next Post

Stylish Sites Made Simple with AnyMod

Related Posts

Ransomware as a service is the new big problem for business
Internet Security

Ransomware as a service is the new big problem for business

March 5, 2021
Microsoft: We’re cracking down on Excel macro malware
Internet Security

Microsoft: We’re cracking down on Excel macro malware

March 4, 2021
Twitter and Twitch added to list of those concerned with Australia’s Online Safety Bill
Internet Security

Twitter and Twitch added to list of those concerned with Australia’s Online Safety Bill

March 4, 2021
Google patches actively exploited Chrome browser zero-day vulnerability
Internet Security

Google patches actively exploited Chrome browser zero-day vulnerability

March 4, 2021
High severity Linux network security holes found, fixed
Internet Security

High severity Linux network security holes found, fixed

March 4, 2021
Next Post
How to Change the WordPress Admin Login Logo

Stylish Sites Made Simple with AnyMod

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Ransomware as a service is the new big problem for business
Internet Security

Ransomware as a service is the new big problem for business

March 5, 2021
Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead
Internet Privacy

Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead

March 5, 2021
AI and machine learning’s moment in health care
Machine Learning

AI and machine learning’s moment in health care

March 4, 2021
The Examples and Benefits of AI in Healthcare: From accurate diagnosis to remote patient monitoring | by ITRex Group | Mar, 2021
Neural Networks

The Examples and Benefits of AI in Healthcare: From accurate diagnosis to remote patient monitoring | by ITRex Group | Mar, 2021

March 4, 2021
Welcome to events Thursdays: Thursday’s daily brief
Digital Marketing

Welcome to events Thursdays: Thursday’s daily brief

March 4, 2021
How to Change the WordPress Admin Login Logo
Learn to Code

React authentication, simplified

March 4, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Ransomware as a service is the new big problem for business March 5, 2021
  • Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead March 5, 2021
  • AI and machine learning’s moment in health care March 4, 2021
  • The Examples and Benefits of AI in Healthcare: From accurate diagnosis to remote patient monitoring | by ITRex Group | Mar, 2021 March 4, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates