Insecure Temporary Directory in Forescout SecureConnector on Windows
CVE-2024-9950

8.5HIGH

Key Information:

Vendor: Forescout
Status: Secureconnector
Vendor: CVE Published:; 2 January 2025

Summary

A significant vulnerability in Forescout SecureConnector v11.3.07.0109 for Windows allows unauthenticated users to access and modify compliance scripts due to an insecure temporary directory. This weakness could potentially lead to unauthorized control and manipulation of crucial compliance settings, posing risks to the integrity of network security policies.

Affected Version(s)

SecureConnector Windows v11.3.07.0109

References

https://support.forescout.com/

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Oct 14, 2024

Credit

Owen Jeanes