CVE-2019-6143 : Security Advisory and Response

Forcepoint Next Generation Firewall (Forcepoint NGFW) versions 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 contain an authentication vulnerability that could allow unauthorized access to protected services.

Understanding CVE-2019-6143

This CVE pertains to an authentication bypass vulnerability in Forcepoint Next Generation Firewall.

What is CVE-2019-6143?

The vulnerability in Forcepoint NGFW versions 6.4.x to 6.6.x allows unauthorized individuals to bypass password authentication and gain access to services protected by the NGFW Engine.

The Impact of CVE-2019-6143

Unauthorized access to IPsec VPN, SSL VPN, or Browser-based user authentication services
Risk of unauthorized individuals bypassing password authentication

Technical Details of CVE-2019-6143

This section provides technical details of the vulnerability.

Vulnerability Description

The vulnerability allows unauthorized users to bypass password authentication and access protected services when LDAP authentication is used as the backend method.

Affected Systems and Versions

Forcepoint Next Generation Firewall versions 6.4.0 - 6.4.6
Forcepoint Next Generation Firewall versions 6.5.0 - 6.5.3
Forcepoint Next Generation Firewall versions 6.6.0 - 6.6.1

Exploitation Mechanism

Unauthorized individuals can exploit the vulnerability by bypassing password authentication when LDAP authentication is employed as the backend method.

Mitigation and Prevention

Protect your systems from this vulnerability with the following steps:

Immediate Steps to Take

Update Forcepoint NGFW to versions 6.4.7, 6.5.4, or 6.6.2
Implement additional access controls
Monitor network traffic for any unauthorized access

Long-Term Security Practices

Regularly review and update authentication methods
Conduct security training for employees on best practices

Patching and Updates

Apply patches and updates provided by Forcepoint to address the vulnerability