nvd-json-data-feeds/CVE-2019/CVE-2019-61xx/CVE-2019-6143.json

{
  "id": "CVE-2019-6143",
  "sourceIdentifier": "psirt@forcepoint.com",
  "published": "2019-08-20T21:15:13.357",
  "lastModified": "2022-04-18T16:11:12.913",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. The vulnerability affects the following NGFW features when the LDAP authentication method is used as the backend authentication: IPsec VPN, SSL VPN or Browser-based user authentication. The vulnerability does not apply when any other backend authentication is used. The RADIUS authentication method is not vulnerable, for example."
    },
    {
      "lang": "es",
      "value": "El firewall de Forcepoint Next Generation (Forcepoint NGFW) 6.4.x versiones anteriores a 6.4.7, 6.5.x versiones anteriores a 6.5.4 y 6.6.x versiones anteriores a 6.6.2 tiene una grave vulnerabilidad de autenticaci\u00f3n que potencialmente permite a usuarios no autorizados eludir la autenticaci\u00f3n de contrase\u00f1a y acceder a servicios protegidos por el motor NGFW. La vulnerabilidad afecta las siguientes caracter\u00edsticas de NGFW cuando se utiliza el m\u00e9todo de autenticaci\u00f3n LDAP como autenticaci\u00f3n de back-end: IPsec VPN, SSL VPN o autenticaci\u00f3n de usuario basada en navegador. La vulnerabilidad no se aplica cuando se utiliza cualquier otra autenticaci\u00f3n de back-end. El m\u00e9todo de autenticaci\u00f3n RADIUS no es vulnerable, por ejemplo."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.4
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:forcepoint:next_generation_firewall:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.4.0",
              "versionEndExcluding": "6.4.7",
              "matchCriteriaId": "9854BA69-0760-4E92-9A82-DF0BD47475BB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:forcepoint:next_generation_firewall:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.5.0",
              "versionEndExcluding": "6.5.4",
              "matchCriteriaId": "7AE682D3-2726-4C1A-8D68-5826E8225964"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:forcepoint:next_generation_firewall:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.6.0",
              "versionEndExcluding": "6.6.2",
              "matchCriteriaId": "76EB278D-ED52-4E8B-8B41-D7FB1B94BF5A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://help.forcepoint.com/security/CVE/CVE-2019-6143.html",
      "source": "psirt@forcepoint.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}