CVE-2019-6139
CVE-2019-6139 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. EPSS estimates a 2.36% chance of exploitation in the next 30 days.
Description
Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To mitigate the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to block all external access to TCP port 5001. FUID requires this port only for local connections through the loopback interface.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Forcepoint | User Id | < 1.3.0 |
References
- https://help.forcepoint.com/security/CVE/CVE-2019-6139.html (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
