The flaw, identified as WGSA-2026-00002, allows local attackers to execute arbitrary commands with SYSTEM-level privileges, potentially granting them unrestricted access to the host machine.
This vulnerability affects the underlying software technology from NCP Engineering that WatchGuard uses for its IPSec client.
The issue lies in the installation management process, which creates a window of opportunity for attackers to bypass standard administrative protection mechanisms.
The vulnerability manifests during the software’s maintenance cycles, specifically during installation, updates, or uninstallation. During these actions, the MSI installer opens command-line windows (cmd.exe) to run background tasks.
Critically, these command prompts run with the SYSTEM account’s rights, the highest privilege level on Windows.
| Feature | Details |
|---|---|
| Advisory ID | WGSA-2026-00002 (NCPVE-2025-0626) |
| Product | WatchGuard Mobile VPN with IPSec client for Windows |
| Vulnerability Type | Privilege Escalation / Arbitrary Command Execution |
| CVSS Score | 6.3 (Medium) |
| CVSS Vector | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H |
| Impact | Attackers can bypass admin protections and gain SYSTEM access. |
On older versions of Windows, these command windows are interactive rather than hidden or locked.
A local attacker or a malicious insider could interrupt this process, interact with the open command prompt, and execute their own commands.
Because the parent process holds SYSTEM rights, any command entered by the attacker inherits those same elevated privileges.
While the Common Vulnerability Scoring System (CVSS) assigns this a “Medium” severity base score of 6.3, the implications for affected endpoints are severe.
The high scores in the subsequent impact metrics (Confidentiality, Integrity, and Availability, all rated High) indicate that successful exploitation results in a total compromise of the affected system.
This vulnerability affects the WatchGuard Mobile VPN with IPSec client for Windows up to and including version 15.19.
Security teams managing endpoints with this software installed should prioritize remediation, especially on legacy Windows systems where the interactive command prompt behavior is more prevalent.
Currently, there are no workarounds available to mitigate this flaw without updating the software. WatchGuard and NCP have released a fix in the latest version.
Administrators are advised to immediately upgrade all affected endpoints to WatchGuard Mobile VPN with IPSec client version 15.33 or higher.
This update modifies the installer behavior to prevent the exposure of interactive command windows with elevated privileges.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post WatchGuard VPN Client for Windows Vulnerability Enables Command Execution With SYSTEM Privileges appeared first on Cyber Security News.
ROCKFORD, Ill. (WTVO) — The Community Action Garden grants are now available for all neighborhood,…
Illinois Lt. Gov. Juliana Stratton, backed by Gov. J.B. Pritzker, will face Republican Don Tracy…
The U.S. Capitol on March 3, 2026. (Photo by Jennifer Shutt/States Newsroom)WASHINGTON — U.S. Senate…
The Belvidere School Board has released survey regarding their Masters Facility Plans. A big question…
Darren Bailey has won the Republican nomination for Illinois Governor, promising to cut taxes, reduce…
The new trailer for Dune: Part 3 just dropped and it looks incredible. The third…
This website uses cookies.