A vulnerability (CVE-2019-6145) has been discovered in Forcepoint CPN’s Windows client. The vulnerability allows an attacker with an existing foothold in a system to achieve an escalation of privilege. Fix for the flaw is delivered in version 6.6.1 of the software.
Researchers from SafeBreach claims: “This vulnerability could have been exploited by an attacker during a post-exploitation phase in order to achieve privilege escalation, persistence and in some cases defense evasion by using the technique of implanting an arbitrary unsigned executable which is executed by a signed service that runs as NT AUTHORITY\SYSTEM [the user account with the highest level of privileges]”
The flaw allows an unauthorized user, who has preexisting access to the system, plant an executable file. Then the CPN Client would execute the file, giving the attacker the highest level of privileges on the endpoint. The vulnerability’s CVSSv3 Base Score is 6.5, which means it’s a medium-severity vulnerability.