The flaw, identified as WGSA-2026-00002, allows local attackers to execute arbitrary commands with SYSTEM-level privileges, potentially granting them unrestricted access to the host machine.
This vulnerability affects the underlying software technology from NCP Engineering that WatchGuard uses for its IPSec client.
The issue lies in the installation management process, which creates a window of opportunity for attackers to bypass standard administrative protection mechanisms.
The vulnerability manifests during the software’s maintenance cycles, specifically during installation, updates, or uninstallation. During these actions, the MSI installer opens command-line windows (cmd.exe) to run background tasks.
Critically, these command prompts run with the SYSTEM account’s rights, the highest privilege level on Windows.
| Feature | Details |
|---|---|
| Advisory ID | WGSA-2026-00002 (NCPVE-2025-0626) |
| Product | WatchGuard Mobile VPN with IPSec client for Windows |
| Vulnerability Type | Privilege Escalation / Arbitrary Command Execution |
| CVSS Score | 6.3 (Medium) |
| CVSS Vector | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H |
| Impact | Attackers can bypass admin protections and gain SYSTEM access. |
On older versions of Windows, these command windows are interactive rather than hidden or locked.
A local attacker or a malicious insider could interrupt this process, interact with the open command prompt, and execute their own commands.
Because the parent process holds SYSTEM rights, any command entered by the attacker inherits those same elevated privileges.
While the Common Vulnerability Scoring System (CVSS) assigns this a “Medium” severity base score of 6.3, the implications for affected endpoints are severe.
The high scores in the subsequent impact metrics (Confidentiality, Integrity, and Availability, all rated High) indicate that successful exploitation results in a total compromise of the affected system.
This vulnerability affects the WatchGuard Mobile VPN with IPSec client for Windows up to and including version 15.19.
Security teams managing endpoints with this software installed should prioritize remediation, especially on legacy Windows systems where the interactive command prompt behavior is more prevalent.
Currently, there are no workarounds available to mitigate this flaw without updating the software. WatchGuard and NCP have released a fix in the latest version.
Administrators are advised to immediately upgrade all affected endpoints to WatchGuard Mobile VPN with IPSec client version 15.33 or higher.
This update modifies the installer behavior to prevent the exposure of interactive command windows with elevated privileges.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post WatchGuard VPN Client for Windows Vulnerability Enables Command Execution With SYSTEM Privileges appeared first on Cyber Security News.
May the 4th is behind us now, but the fun isn't contained to a single…
Fans think Gears of War: E-Day could be coming as soon as September, because of…
Arguably the most famous episode of the 2004 Battlestar Galactica TV series is also one…
Making the leap to space feels like a big departure from the usually grounded horror…
Xbox and Discord have now officially unveiled the new starter edition of Xbox Game Pass…
The infamous hacking group ShinyHunters has struck again, this time targeting Instructure, the company behind…
This website uses cookies.