Headline
CVE-2022-27608
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.
**Security Advisory: CVE-2022-27608 - Incorrect Authorization******SUMMARY****
This advisory describes the Incorrect Authorization vulnerability (CVE-2022-27608) and its potential effect on Forcepoint products.
****INFORMATION****
Published Date: October 27, 2021
Last Update:March 28, 2022
Security Advisory Status: Published
Security Advisory severity: High
CVE Number(s): CVE-2022-27608
Security Advisory Summary
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.
Affected products
- Forcepoint One Endpoint (Web Proxy Connect, Web Direct Connect, DLP, Combined Endpoints).
****RESOLUTION****
Workarounds
There are no workarounds at this time.
Hotfix and information about other fixes
The Endpoint version 22.01 includes the fix. See Release Notes for Forcepoint F1E v22.01 for more details on the latest Endpoint release.
Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability.