ForeScout - SecureConnector Local Service DoS
CVE-2021-36724

6.1MEDIUM

Key Information:

Vendor: Forescout
Status: Eservices / Envoice
Vendor: CVE Published:; 29 December 2021

What is CVE-2021-36724?

ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash.

Affected Version(s)

eServices / eNvoice SecureConnector 11.0.4.1024

References

https://www.gov.il/en/departments/faq/cve_advisories

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2021
Vulnerability Reserved
Jul 12, 2021

Credit

Alex Katziv - Novartis