Local Privilege Escalation Vulnerability in Forescout CounterACT Logging Function
CVE-2021-28098

7.8HIGH

Key Information:

Vendor

Forescout

Status
Counteract
Vendor
CVE Published:
14 April 2021

What is CVE-2021-28098?

A local privilege escalation vulnerability exists in Forescout CounterACT due to improper permissions on the log file created by SecureConnector. The application's logging function writes logs to a directory with full permissions accessible to all users, which enables an attacker to exploit the vulnerability using symbolic links. By redirecting the log file to a sensitive location like %WINDIR%\System32, the attacker can manipulate file permissions and potentially replace legitimate files with malicious DLLs, facilitating DLL hijacking attacks.

References

https://docs.forescout.com
x_refsource_MISC
https://www.adversis.io/research/2021/3/30/forescout-secu...
x_refsource_MISC
https://jordanpotti.com/2021/03/30/forescout-priv-esc-fol...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.