CVE-2019-6144 - OpenCVE

This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Forcepoint	One Endpoint

Configuration 1 [-]

cpe:2.3:a:forcepoint:one_endpoint:*:*:*:*:*:*:*:*

References

Link	Resource
https://help.forcepoint.com/security/CVE/CVE-2019-6144.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: forcepoint

Published: 2019-10-23T18:57:51

Updated: 2021-09-10T17:05:08

Reserved: 2019-01-11T00:00:00

Link: CVE-2019-6144

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-23T19:15:12.107

Modified: 2022-03-31T17:54:01.160

Link: CVE-2019-6144

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:forcepoint:one_endpoint:*:*:*:*:*:*:*:*", "matchCriteriaId": "40717AB7-8209-4761-AD04-B57325D18559", "versionEndIncluding": "19.08", "versionStartIncluding": "19.04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection."}, {"lang": "es", "value": "Esta vulnerabilidad permite a un usuario normal (no administrador) deshabilitar Forcepoint One Endpoint (versiones 19.04 hasta 19.08) y omitir DLP y la protecci\u00f3n web."}], "id": "CVE-2019-6144", "lastModified": "2022-03-31T17:54:01.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-23T19:15:12.107", "references": [{"source": "psirt@forcepoint.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html"}], "sourceIdentifier": "psirt@forcepoint.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@forcepoint.com", "type": "Secondary"}]}