CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22795
https://notcve.org/view.php?id=CVE-2024-22795
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. La vulnerabilidad de permisos inseguros en Forescout SecureConnector v.11.3.06.0063 permite a un atacante local escalar privilegios a través del componente Recheck Compliance Status. • https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023 https://github.com/Hagrid29/ForeScout-SecureConnector-EoP https://www.forescout.com • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39374 – ForeScout NAC SecureConnector – CWE-427: Uncontrolled Search Path Element
https://notcve.org/view.php?id=CVE-2023-39374
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element ForeScout NAC SecureConnector versión 11.2 - CWE-427: Elemento de ruta de búsqueda no controlada. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36724 – ForeScout - SecureConnector Local Service DoS
https://notcve.org/view.php?id=CVE-2021-36724
ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash. ForeScout - SecureConnector Local Service DoS - Un usuario poco privilegiado que no tiene permisos para cerrar el servicio del conector seguro escribe una gran cantidad de caracteres en installationPath. Esto causará el desbordamiento del búfer y se anule la cookie de la pila causando que el servicio se bloquee • https://www.gov.il/en/departments/faq/cve_advisories • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-28098
https://notcve.org/view.php?id=CVE-2021-28098
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). • https://docs.forescout.com https://jordanpotti.com/2021/03/30/forescout-priv-esc-folder-permissions https://www.adversis.io/research/2021/3/30/forescout-secure-connector-local-privilege-escalation • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-427: Uncontrolled Search Path Element CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9485 – On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects
https://notcve.org/view.php?id=CVE-2016-9485
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. • http://www.securityfocus.com/bid/94740 https://www.kb.cert.org/vuls/id/768331 • CWE-264: Permissions, Privileges, and Access Controls CWE-378: Creation of Temporary File With Insecure Permissions •