Security Advisory: Authentication bypass vulnerability in Forcepoint NGFW with LDAP authentication method (CVE-2019-6143)

Summary

This security advisory details the authentication bypass vulnerability and its effect on Forcepoint NGFW products.

Information

Forcepoint Next Generation Firewall (Forcepoint NGFW) has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine.

The vulnerability affects the following NGFW features when the LDAP authentication method is used as the backend authentication:

  • IPsec VPN
  • SSL VPN
  • Browser-based user authentication

The vulnerability does not apply when any other backend authentication method is used; for example, the RADIUS authentication method is not vulnerable.

The following NGFW Engine versions are vulnerable:
  • 6.4.0-6.4.6
  • 6.5.0-6.5.3
  • 6.6.0-6.6.1

Forcepoint has reserved CVE-2019-6143 to identify and track this issue, with an assigned CVSSv3 Base Score of 9.1 (Critical). [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N]

Resolution

To fix this vulnerability, upgrade to one of the following NGFW Engine versions:

  • 6.4.7 or higher
  • 6.5.4 or higher
  • 6.6.2 or higher

To prevent the vulnerability on affected NGFW versions, stop using the LDAP authentication method and use an alternative method, such as RADIUS.
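To triage an inventory against the affected and fixed versions listed above, the following is an added example (not Forcepoint's code); it assumes NGFW Engine versions are reported as plain `major.minor.patch` strings and that the backend authentication method is known per engine. Note that versions must be compared numerically, since a string comparison would wrongly place 6.4.10 before 6.4.7.

```python
# Affected-version triage for CVE-2019-6143 (added example, not Forcepoint's code).
# Ranges and fixed releases are taken from the advisory; the version string
# format "major.minor.patch" is an assumption.
from typing import Tuple

Version = Tuple[int, int, int]

# Inclusive vulnerable ranges per the advisory, and the first fixed release per branch.
VULNERABLE_RANGES = [
    ((6, 4, 0), (6, 4, 6)),
    ((6, 5, 0), (6, 5, 3)),
    ((6, 6, 0), (6, 6, 1)),
]
FIXED_IN = {(6, 4): (6, 4, 7), (6, 5): (6, 5, 4), (6, 6): (6, 6, 2)}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into ints so 6.4.10 sorts after 6.4.7."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected NGFW version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_vulnerable(version: str, auth_method: str) -> bool:
    """True only when an affected engine version uses LDAP backend authentication."""
    if auth_method.strip().lower() != "ldap":
        return False  # other backends (e.g. RADIUS) are not affected per the advisory
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in VULNERABLE_RANGES)


def recommended_fix(version: str) -> str:
    """First fixed release on the engine's branch, if the advisory lists one."""
    fixed = FIXED_IN.get(parse_version(version)[:2])
    if fixed is None:
        return "branch not covered by this advisory"
    return ".".join(map(str, fixed)) + " or higher"


if __name__ == "__main__":
    # Constructed inventory: (hostname, engine version, backend authentication method)
    inventory = [("fw-01", "6.4.10", "LDAP"), ("fw-02", "6.5.3", "ldap"), ("fw-03", "6.6.1", "RADIUS")]
    for host, ver, auth in inventory:
        if is_vulnerable(ver, auth):
            print(f"{host} {ver} {auth}: VULNERABLE, upgrade to {recommended_fix(ver)}")
        else:
            print(f"{host} {ver} {auth}: not affected")
```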