Search
Find a vulnerability
Search criteria
27 vulnerabilities by Forescout
CVE-2025-4660 (GCVE-0-2025-4660)
Vulnerability from nvd – Published: 2025-05-13 17:34 – Updated: 2025-08-21 15:14
VLAI
Title
Remote Code Execution in Windows Secure Connector/ HPS Inspection Engine via Insecure Named Pipe Access
Summary
A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.
This does not impact Linux or OSX Secure Connector.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Forescout | SecureConnector |
Affected:
0 , ≤ 11.3.6
(custom)
Unaffected: 11.3.7 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T18:35:04.445621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T18:35:12.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SecureConnector",
"vendor": "Forescout",
"versions": [
{
"lessThanOrEqual": "11.3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "11.3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pen Test Partners"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eA remote code execution vulnerability exists in the Windows agent component of SecureConnector\u0026nbsp;due to improper access controls on a named pipe. The pipe is accessible to the \u003cstrong\u003eEveryone\u003c/strong\u003e group and does not restrict \u003cstrong\u003eremote connections\u003c/strong\u003e, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(24, 26, 27);\"\u003eThis does not impact Linux or OSX Secure Connector. \u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e\n\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A remote code execution vulnerability exists in the Windows agent component of SecureConnector\u00a0due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.\u00a0\n\n\n\nThis does not impact Linux or OSX Secure Connector."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T15:14:15.922Z",
"orgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"shortName": "Forescout"
},
"references": [
{
"url": "https://forescout.my.site.com/support/s/article/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution in Windows Secure Connector/\u00a0HPS Inspection Engine via Insecure Named Pipe Access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"assignerShortName": "Forescout",
"cveId": "CVE-2025-4660",
"datePublished": "2025-05-13T17:34:53.955Z",
"dateReserved": "2025-05-13T17:34:31.059Z",
"dateUpdated": "2025-08-21T15:14:15.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9950 (GCVE-0-2024-9950)
Vulnerability from nvd – Published: 2025-01-02 15:40 – Updated: 2025-06-03 13:49
VLAI
Title
Abuse of Unauthenticated Compliance Recheck in SecureConnector
Summary
A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows
unauthenticated user to modify compliance scripts due to insecure temporary directory.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.forescout.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Forescout | SecureConnector |
Affected:
v11.3.07.0109 , ≤ v11.3.11
(custom)
|
Date Public
2024-11-01 21:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T17:37:14.368429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T17:37:36.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SecureConnector",
"vendor": "Forescout",
"versions": [
{
"lessThanOrEqual": "v11.3.11",
"status": "affected",
"version": "v11.3.07.0109",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Owen Jeanes"
}
],
"datePublic": "2024-11-01T21:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Forescout SecureConnector v11.3.07.0109\u0026nbsp;on Windows allows \n\nunauthenticated user to modify compliance scripts due to insecure temporary directory.\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "A vulnerability in Forescout SecureConnector v11.3.07.0109\u00a0on Windows allows \n\nunauthenticated user to modify compliance scripts due to insecure temporary directory."
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:49:49.865Z",
"orgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"shortName": "Forescout"
},
"references": [
{
"url": "https://support.forescout.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Abuse of Unauthenticated Compliance Recheck in SecureConnector",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"assignerShortName": "Forescout",
"cveId": "CVE-2024-9950",
"datePublished": "2025-01-02T15:40:36.374Z",
"dateReserved": "2024-10-14T19:24:59.804Z",
"dateUpdated": "2025-06-03T13:49:49.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9949 (GCVE-0-2024-9949)
Vulnerability from nvd – Published: 2024-10-23 17:37 – Updated: 2024-11-07 16:36
VLAI
Title
Denial of Service in Forescout SecureConnector
Summary
Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Forescout | SecureConnector |
Affected:
11.1.02.1019 , ≤ 11.3.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T14:51:06.339003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T14:51:20.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SecureConnector",
"vendor": "Forescout",
"versions": [
{
"changes": [
{
"at": "11.3.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "11.3.5",
"status": "affected",
"version": "11.1.02.1019",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of Service in Forescout SecureConnector\u0026nbsp;11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application.\u0026nbsp;"
}
],
"value": "Denial of Service in Forescout SecureConnector\u00a011.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:36:26.432Z",
"orgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"shortName": "Forescout"
},
"references": [
{
"url": "https://forescout.my.site.com/support/s/article/High-Severity-Vulnerability-in-Secure-Connector-HPS-Inspection-Engine-v11-3-5-and-lower"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service in Forescout SecureConnector",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"assignerShortName": "Forescout",
"cveId": "CVE-2024-9949",
"datePublished": "2024-10-23T17:37:42.978Z",
"dateReserved": "2024-10-14T18:53:58.941Z",
"dateUpdated": "2024-11-07T16:36:26.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22795 (GCVE-0-2024-22795)
Vulnerability from nvd – Published: 2024-02-08 00:00 – Updated: 2026-02-26 21:58
VLAI
Summary
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-269 - Improper Privilege Management
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.forescout.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Hagrid29/ForeScout-SecureConnector-EoP"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T20:31:28.621520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T21:58:55.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T18:21:43.639Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.forescout.com/"
},
{
"url": "https://github.com/Hagrid29/ForeScout-SecureConnector-EoP"
},
{
"url": "https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22795",
"datePublished": "2024-02-08T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2026-02-26T21:58:55.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39374 (GCVE-0-2023-39374)
Vulnerability from nvd – Published: 2023-09-03 14:48 – Updated: 2024-10-01 14:21
VLAI
Title
ForeScout NAC SecureConnector – CWE-427: Uncontrolled Search Path Element
Summary
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ForeScout | NAC SecureConnector |
Unknown:
version 11.2 , < Upgrade to Endpoint Module (SecureConnector) Release 1.4.5
(custom)
|
Date Public
2023-09-03 13:42
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:21:08.046932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:21:15.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NAC SecureConnector",
"vendor": " ForeScout",
"versions": [
{
"lessThan": "Upgrade to Endpoint Module (SecureConnector) Release 1.4.5",
"status": "unknown",
"version": "version 11.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Herrera"
}
],
"datePublic": "2023-09-03T13:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eForeScout NAC SecureConnector version 11.2 -\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCWE-427: Uncontrolled Search Path Element\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nForeScout NAC SecureConnector version 11.2 -\u00a0CWE-427: Uncontrolled Search Path Element\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-03T14:48:58.280Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to Endpoint Module (SecureConnector) Release 1.4.5\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nUpgrade to Endpoint Module (SecureConnector) Release 1.4.5\n\n\n"
}
],
"source": {
"advisory": "ILVN-2023-0131",
"discovery": "UNKNOWN"
},
"title": " ForeScout NAC SecureConnector \u2013 CWE-427: Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2023-39374",
"datePublished": "2023-09-03T14:48:58.280Z",
"dateReserved": "2023-07-30T10:41:13.579Z",
"dateUpdated": "2024-10-01T14:21:15.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36724 (GCVE-0-2021-36724)
Vulnerability from nvd – Published: 2021-12-29 17:02 – Updated: 2024-09-16 20:07
VLAI
Title
ForeScout - SecureConnector Local Service DoS
Summary
ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash.
Severity
6.1 (Medium)
CWE
- Local Service DoS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ForeScout | eServices / eNvoice |
Affected:
SecureConnector 11.0.4.1024
|
Date Public
2021-12-28 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eServices / eNvoice",
"vendor": "ForeScout",
"versions": [
{
"status": "affected",
"version": "SecureConnector 11.0.4.1024"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Katziv - Novartis"
}
],
"datePublic": "2021-12-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn\u0027t have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Service DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-29T17:02:42.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "HotFix was released"
}
],
"source": {
"advisory": "ILVN-2021-0009",
"defect": [
"ILVN-2021-0009"
],
"discovery": "EXTERNAL"
},
"title": "ForeScout - SecureConnector Local Service DoS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2021-12-28T11:43:00.000Z",
"ID": "CVE-2021-36724",
"STATE": "PUBLIC",
"TITLE": "ForeScout - SecureConnector Local Service DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eServices / eNvoice",
"version": {
"version_data": [
{
"version_name": "SecureConnector",
"version_value": "11.0.4.1024"
}
]
}
}
]
},
"vendor_name": "ForeScout"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alex Katziv - Novartis"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn\u0027t have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Service DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "CONFIRM",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "HotFix was released"
}
],
"source": {
"advisory": "ILVN-2021-0009",
"defect": [
"ILVN-2021-0009"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2021-36724",
"datePublished": "2021-12-29T17:02:42.726Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:01.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28098 (GCVE-0-2021-28098)
Vulnerability from nvd – Published: 2021-04-14 14:56 – Updated: 2024-08-03 21:33
VLAI
Summary
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://docs.forescout.com | x_refsource_MISC |
| https://www.adversis.io/research/2021/3/30/foresc… | x_refsource_MISC |
| https://jordanpotti.com/2021/03/30/forescout-priv… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.forescout.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.adversis.io/research/2021/3/30/forescout-secure-connector-local-privilege-escalation"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jordanpotti.com/2021/03/30/forescout-priv-esc-folder-permissions/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\\ForeScout SecureConnector\\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T14:56:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.forescout.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.adversis.io/research/2021/3/30/forescout-secure-connector-local-privilege-escalation"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jordanpotti.com/2021/03/30/forescout-priv-esc-folder-permissions/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\\ForeScout SecureConnector\\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.forescout.com",
"refsource": "MISC",
"url": "https://docs.forescout.com"
},
{
"name": "https://www.adversis.io/research/2021/3/30/forescout-secure-connector-local-privilege-escalation",
"refsource": "MISC",
"url": "https://www.adversis.io/research/2021/3/30/forescout-secure-connector-local-privilege-escalation"
},
{
"name": "https://jordanpotti.com/2021/03/30/forescout-priv-esc-folder-permissions/",
"refsource": "MISC",
"url": "https://jordanpotti.com/2021/03/30/forescout-priv-esc-folder-permissions/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28098",
"datePublished": "2021-04-14T14:56:29.000Z",
"dateReserved": "2021-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:33:17.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9486 (GCVE-0-2016-9486)
Vulnerability from nvd – Published: 2018-07-13 20:00 – Updated: 2024-08-06 02:50
VLAI
Title
On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges
Summary
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/768331 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/94740 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows SecureConnector agent |
Unknown:
N/A
|
Date Public
2016-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#768331",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows SecureConnector agent",
"vendor": "Microsoft",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
}
],
"datePublic": "2016-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#768331",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94740"
}
],
"solutions": [
{
"lang": "en",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9486",
"STATE": "PUBLIC",
"TITLE": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows SecureConnector agent",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-379"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#768331",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94740"
}
]
},
"solution": [
{
"lang": "en",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-9486",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2016-11-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:50:38.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9485 (GCVE-0-2016-9485)
Vulnerability from nvd – Published: 2018-07-13 20:00 – Updated: 2024-08-06 02:50
VLAI
Title
On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects
Summary
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/768331 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/94740 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows SecureConnector agent |
Unknown:
N/A
|
Date Public
2016-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#768331",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows SecureConnector agent",
"vendor": "Microsoft",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
}
],
"datePublic": "2016-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#768331",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94740"
}
],
"solutions": [
{
"lang": "en",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9485",
"STATE": "PUBLIC",
"TITLE": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows SecureConnector agent",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-378"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#768331",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94740"
}
]
},
"solution": [
{
"lang": "en",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-9485",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2016-11-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:50:38.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4985 (GCVE-0-2012-4985)
Vulnerability from nvd – Published: 2012-12-05 11:00 – Updated: 2024-08-06 20:50
VLAI
Summary
The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.reactionpenetrationtesting.co.uk/fores… | x_refsource_MISC |
| http://www.securityfocus.com/bid/56689 | vdb-entryx_refsource_BID |
| http://osvdb.org/87895 | vdb-entryx_refsource_OSVDB |
Date Public
2012-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "forescout-security-bypass(80284)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html"
},
{
"name": "56689",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56689"
},
{
"name": "87895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "forescout-security-bypass(80284)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html"
},
{
"name": "56689",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56689"
},
{
"name": "87895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87895"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "forescout-security-bypass(80284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80284"
},
{
"name": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html"
},
{
"name": "56689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56689"
},
{
"name": "87895",
"refsource": "OSVDB",
"url": "http://osvdb.org/87895"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4985",
"datePublished": "2012-12-05T11:00:00.000Z",
"dateReserved": "2012-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:18.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4983 (GCVE-0-2012-4983)
Vulnerability from nvd – Published: 2012-12-05 11:00 – Updated: 2024-08-06 20:50
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.reactionpenetrationtesting.co.uk/fores… | x_refsource_MISC |
| http://www.securityfocus.com/bid/56688 | vdb-entryx_refsource_BID |
Date Public
2012-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-xss.html"
},
{
"name": "56688",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-xss.html"
},
{
"name": "56688",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-xss.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-xss.html"
},
{
"name": "56688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4983",
"datePublished": "2012-12-05T11:00:00.000Z",
"dateReserved": "2012-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:18.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4982 (GCVE-0-2012-4982)
Vulnerability from nvd – Published: 2012-12-05 11:00 – Updated: 2024-08-06 20:50
VLAI
Summary
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.reactionpenetrationtesting.co.uk/fores… | x_refsource_MISC |
| http://www.securityfocus.com/bid/56687 | vdb-entryx_refsource_BID |
Date Public
2012-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html"
},
{
"name": "56687",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56687"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html"
},
{
"name": "56687",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56687"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html"
},
{
"name": "56687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56687"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4982",
"datePublished": "2012-12-05T11:00:00.000Z",
"dateReserved": "2012-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:18.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1825 (GCVE-0-2012-1825)
Vulnerability from nvd – Published: 2012-06-11 23:00 – Updated: 2024-09-17 04:04
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/815532 | third-party-advisoryx_refsource_CERT-VN |
| http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:08:38.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#815532",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/815532"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-11T23:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#815532",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/815532"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-1825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#815532",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/815532"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-1825",
"datePublished": "2012-06-11T23:00:00.000Z",
"dateReserved": "2012-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:04:35.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4660 (GCVE-0-2025-4660)
Vulnerability from cvelistv5 – Published: 2025-05-13 17:34 – Updated: 2025-08-21 15:14
VLAI
Title
Remote Code Execution in Windows Secure Connector/ HPS Inspection Engine via Insecure Named Pipe Access
Summary
A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.
This does not impact Linux or OSX Secure Connector.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Forescout | SecureConnector |
Affected:
0 , ≤ 11.3.6
(custom)
Unaffected: 11.3.7 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T18:35:04.445621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T18:35:12.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SecureConnector",
"vendor": "Forescout",
"versions": [
{
"lessThanOrEqual": "11.3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "11.3.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pen Test Partners"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eA remote code execution vulnerability exists in the Windows agent component of SecureConnector\u0026nbsp;due to improper access controls on a named pipe. The pipe is accessible to the \u003cstrong\u003eEveryone\u003c/strong\u003e group and does not restrict \u003cstrong\u003eremote connections\u003c/strong\u003e, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(24, 26, 27);\"\u003eThis does not impact Linux or OSX Secure Connector. \u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e\n\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A remote code execution vulnerability exists in the Windows agent component of SecureConnector\u00a0due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.\u00a0\n\n\n\nThis does not impact Linux or OSX Secure Connector."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T15:14:15.922Z",
"orgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"shortName": "Forescout"
},
"references": [
{
"url": "https://forescout.my.site.com/support/s/article/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution in Windows Secure Connector/\u00a0HPS Inspection Engine via Insecure Named Pipe Access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"assignerShortName": "Forescout",
"cveId": "CVE-2025-4660",
"datePublished": "2025-05-13T17:34:53.955Z",
"dateReserved": "2025-05-13T17:34:31.059Z",
"dateUpdated": "2025-08-21T15:14:15.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9950 (GCVE-0-2024-9950)
Vulnerability from cvelistv5 – Published: 2025-01-02 15:40 – Updated: 2025-06-03 13:49
VLAI
Title
Abuse of Unauthenticated Compliance Recheck in SecureConnector
Summary
A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows
unauthenticated user to modify compliance scripts due to insecure temporary directory.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.forescout.com/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Forescout | SecureConnector |
Affected:
v11.3.07.0109 , ≤ v11.3.11
(custom)
|
Date Public
2024-11-01 21:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T17:37:14.368429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T17:37:36.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SecureConnector",
"vendor": "Forescout",
"versions": [
{
"lessThanOrEqual": "v11.3.11",
"status": "affected",
"version": "v11.3.07.0109",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Owen Jeanes"
}
],
"datePublic": "2024-11-01T21:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Forescout SecureConnector v11.3.07.0109\u0026nbsp;on Windows allows \n\nunauthenticated user to modify compliance scripts due to insecure temporary directory.\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "A vulnerability in Forescout SecureConnector v11.3.07.0109\u00a0on Windows allows \n\nunauthenticated user to modify compliance scripts due to insecure temporary directory."
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:49:49.865Z",
"orgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"shortName": "Forescout"
},
"references": [
{
"url": "https://support.forescout.com/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Abuse of Unauthenticated Compliance Recheck in SecureConnector",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"assignerShortName": "Forescout",
"cveId": "CVE-2024-9950",
"datePublished": "2025-01-02T15:40:36.374Z",
"dateReserved": "2024-10-14T19:24:59.804Z",
"dateUpdated": "2025-06-03T13:49:49.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9949 (GCVE-0-2024-9949)
Vulnerability from cvelistv5 – Published: 2024-10-23 17:37 – Updated: 2024-11-07 16:36
VLAI
Title
Denial of Service in Forescout SecureConnector
Summary
Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Forescout | SecureConnector |
Affected:
11.1.02.1019 , ≤ 11.3.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T14:51:06.339003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T14:51:20.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SecureConnector",
"vendor": "Forescout",
"versions": [
{
"changes": [
{
"at": "11.3.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "11.3.5",
"status": "affected",
"version": "11.1.02.1019",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of Service in Forescout SecureConnector\u0026nbsp;11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application.\u0026nbsp;"
}
],
"value": "Denial of Service in Forescout SecureConnector\u00a011.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T16:36:26.432Z",
"orgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"shortName": "Forescout"
},
"references": [
{
"url": "https://forescout.my.site.com/support/s/article/High-Severity-Vulnerability-in-Secure-Connector-HPS-Inspection-Engine-v11-3-5-and-lower"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service in Forescout SecureConnector",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88",
"assignerShortName": "Forescout",
"cveId": "CVE-2024-9949",
"datePublished": "2024-10-23T17:37:42.978Z",
"dateReserved": "2024-10-14T18:53:58.941Z",
"dateUpdated": "2024-11-07T16:36:26.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22795 (GCVE-0-2024-22795)
Vulnerability from cvelistv5 – Published: 2024-02-08 00:00 – Updated: 2026-02-26 21:58
VLAI
Summary
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-269 - Improper Privilege Management
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:11.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.forescout.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Hagrid29/ForeScout-SecureConnector-EoP"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T20:31:28.621520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T21:58:55.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T18:21:43.639Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.forescout.com/"
},
{
"url": "https://github.com/Hagrid29/ForeScout-SecureConnector-EoP"
},
{
"url": "https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22795",
"datePublished": "2024-02-08T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2026-02-26T21:58:55.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39374 (GCVE-0-2023-39374)
Vulnerability from cvelistv5 – Published: 2023-09-03 14:48 – Updated: 2024-10-01 14:21
VLAI
Title
ForeScout NAC SecureConnector – CWE-427: Uncontrolled Search Path Element
Summary
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ForeScout | NAC SecureConnector |
Unknown:
version 11.2 , < Upgrade to Endpoint Module (SecureConnector) Release 1.4.5
(custom)
|
Date Public
2023-09-03 13:42
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:21:08.046932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:21:15.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NAC SecureConnector",
"vendor": " ForeScout",
"versions": [
{
"lessThan": "Upgrade to Endpoint Module (SecureConnector) Release 1.4.5",
"status": "unknown",
"version": "version 11.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Herrera"
}
],
"datePublic": "2023-09-03T13:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eForeScout NAC SecureConnector version 11.2 -\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCWE-427: Uncontrolled Search Path Element\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nForeScout NAC SecureConnector version 11.2 -\u00a0CWE-427: Uncontrolled Search Path Element\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-03T14:48:58.280Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to Endpoint Module (SecureConnector) Release 1.4.5\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nUpgrade to Endpoint Module (SecureConnector) Release 1.4.5\n\n\n"
}
],
"source": {
"advisory": "ILVN-2023-0131",
"discovery": "UNKNOWN"
},
"title": " ForeScout NAC SecureConnector \u2013 CWE-427: Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2023-39374",
"datePublished": "2023-09-03T14:48:58.280Z",
"dateReserved": "2023-07-30T10:41:13.579Z",
"dateUpdated": "2024-10-01T14:21:15.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36724 (GCVE-0-2021-36724)
Vulnerability from cvelistv5 – Published: 2021-12-29 17:02 – Updated: 2024-09-16 20:07
VLAI
Title
ForeScout - SecureConnector Local Service DoS
Summary
ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash.
Severity
6.1 (Medium)
CWE
- Local Service DoS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.gov.il/en/departments/faq/cve_advisories | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ForeScout | eServices / eNvoice |
Affected:
SecureConnector 11.0.4.1024
|
Date Public
2021-12-28 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:58.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eServices / eNvoice",
"vendor": "ForeScout",
"versions": [
{
"status": "affected",
"version": "SecureConnector 11.0.4.1024"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Katziv - Novartis"
}
],
"datePublic": "2021-12-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn\u0027t have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Service DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-29T17:02:42.000Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "HotFix was released"
}
],
"source": {
"advisory": "ILVN-2021-0009",
"defect": [
"ILVN-2021-0009"
],
"discovery": "EXTERNAL"
},
"title": "ForeScout - SecureConnector Local Service DoS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2021-12-28T11:43:00.000Z",
"ID": "CVE-2021-36724",
"STATE": "PUBLIC",
"TITLE": "ForeScout - SecureConnector Local Service DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eServices / eNvoice",
"version": {
"version_data": [
{
"version_name": "SecureConnector",
"version_value": "11.0.4.1024"
}
]
}
}
]
},
"vendor_name": "ForeScout"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alex Katziv - Novartis"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn\u0027t have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Service DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.gov.il/en/departments/faq/cve_advisories",
"refsource": "CONFIRM",
"url": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "HotFix was released"
}
],
"source": {
"advisory": "ILVN-2021-0009",
"defect": [
"ILVN-2021-0009"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2021-36724",
"datePublished": "2021-12-29T17:02:42.726Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:01.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28098 (GCVE-0-2021-28098)
Vulnerability from cvelistv5 – Published: 2021-04-14 14:56 – Updated: 2024-08-03 21:33
VLAI
Summary
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://docs.forescout.com | x_refsource_MISC |
| https://www.adversis.io/research/2021/3/30/foresc… | x_refsource_MISC |
| https://jordanpotti.com/2021/03/30/forescout-priv… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.forescout.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.adversis.io/research/2021/3/30/forescout-secure-connector-local-privilege-escalation"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jordanpotti.com/2021/03/30/forescout-priv-esc-folder-permissions/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\\ForeScout SecureConnector\\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T14:56:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.forescout.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.adversis.io/research/2021/3/30/forescout-secure-connector-local-privilege-escalation"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jordanpotti.com/2021/03/30/forescout-priv-esc-folder-permissions/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\\ForeScout SecureConnector\\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.forescout.com",
"refsource": "MISC",
"url": "https://docs.forescout.com"
},
{
"name": "https://www.adversis.io/research/2021/3/30/forescout-secure-connector-local-privilege-escalation",
"refsource": "MISC",
"url": "https://www.adversis.io/research/2021/3/30/forescout-secure-connector-local-privilege-escalation"
},
{
"name": "https://jordanpotti.com/2021/03/30/forescout-priv-esc-folder-permissions/",
"refsource": "MISC",
"url": "https://jordanpotti.com/2021/03/30/forescout-priv-esc-folder-permissions/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28098",
"datePublished": "2021-04-14T14:56:29.000Z",
"dateReserved": "2021-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:33:17.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9485 (GCVE-0-2016-9485)
Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 02:50
VLAI
Title
On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects
Summary
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/768331 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/94740 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows SecureConnector agent |
Unknown:
N/A
|
Date Public
2016-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#768331",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows SecureConnector agent",
"vendor": "Microsoft",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
}
],
"datePublic": "2016-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#768331",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94740"
}
],
"solutions": [
{
"lang": "en",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9485",
"STATE": "PUBLIC",
"TITLE": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows SecureConnector agent",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-378"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#768331",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94740"
}
]
},
"solution": [
{
"lang": "en",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-9485",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2016-11-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:50:38.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9486 (GCVE-0-2016-9486)
Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 02:50
VLAI
Title
On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges
Summary
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/768331 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/94740 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows SecureConnector agent |
Unknown:
N/A
|
Date Public
2016-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#768331",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows SecureConnector agent",
"vendor": "Microsoft",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
}
],
"datePublic": "2016-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#768331",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94740"
}
],
"solutions": [
{
"lang": "en",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9486",
"STATE": "PUBLIC",
"TITLE": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows SecureConnector agent",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-379"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#768331",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/768331"
},
{
"name": "94740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94740"
}
]
},
"solution": [
{
"lang": "en",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-9486",
"datePublished": "2018-07-13T20:00:00.000Z",
"dateReserved": "2016-11-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:50:38.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4982 (GCVE-0-2012-4982)
Vulnerability from cvelistv5 – Published: 2012-12-05 11:00 – Updated: 2024-08-06 20:50
VLAI
Summary
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.reactionpenetrationtesting.co.uk/fores… | x_refsource_MISC |
| http://www.securityfocus.com/bid/56687 | vdb-entryx_refsource_BID |
Date Public
2012-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html"
},
{
"name": "56687",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56687"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html"
},
{
"name": "56687",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56687"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html"
},
{
"name": "56687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56687"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4982",
"datePublished": "2012-12-05T11:00:00.000Z",
"dateReserved": "2012-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:18.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4985 (GCVE-0-2012-4985)
Vulnerability from cvelistv5 – Published: 2012-12-05 11:00 – Updated: 2024-08-06 20:50
VLAI
Summary
The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.reactionpenetrationtesting.co.uk/fores… | x_refsource_MISC |
| http://www.securityfocus.com/bid/56689 | vdb-entryx_refsource_BID |
| http://osvdb.org/87895 | vdb-entryx_refsource_OSVDB |
Date Public
2012-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "forescout-security-bypass(80284)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html"
},
{
"name": "56689",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56689"
},
{
"name": "87895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "forescout-security-bypass(80284)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html"
},
{
"name": "56689",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56689"
},
{
"name": "87895",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87895"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "forescout-security-bypass(80284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80284"
},
{
"name": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html"
},
{
"name": "56689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56689"
},
{
"name": "87895",
"refsource": "OSVDB",
"url": "http://osvdb.org/87895"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4985",
"datePublished": "2012-12-05T11:00:00.000Z",
"dateReserved": "2012-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:18.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4983 (GCVE-0-2012-4983)
Vulnerability from cvelistv5 – Published: 2012-12-05 11:00 – Updated: 2024-08-06 20:50
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.reactionpenetrationtesting.co.uk/fores… | x_refsource_MISC |
| http://www.securityfocus.com/bid/56688 | vdb-entryx_refsource_BID |
Date Public
2012-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-xss.html"
},
{
"name": "56688",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-xss.html"
},
{
"name": "56688",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-xss.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-xss.html"
},
{
"name": "56688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4983",
"datePublished": "2012-12-05T11:00:00.000Z",
"dateReserved": "2012-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:18.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1825 (GCVE-0-2012-1825)
Vulnerability from cvelistv5 – Published: 2012-06-11 23:00 – Updated: 2024-09-17 04:04
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/815532 | third-party-advisoryx_refsource_CERT-VN |
| http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:08:38.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#815532",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/815532"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-11T23:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#815532",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/815532"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-1825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#815532",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/815532"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-1825",
"datePublished": "2012-06-11T23:00:00.000Z",
"dateReserved": "2012-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:04:35.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201206-0236
Vulnerability from variot - Updated: 2025-04-11 23:03Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter. ForeScout Provided by CounterACT Contains a cross-site scripting vulnerability. ForeScout Provided by CounterACT of Web The interface contains a cross-site scripting vulnerability. Details are provided by the developer ForeScout Security Advisory 12-01 ( Registered users only ) (http://updates.forescout.com/support) Please confirm.An arbitrary script may be executed on the user's web browser. ForeScout CounterACT is an automated security control platform. ForeScout CounterACT 'username' and 'loginname' have cross-site scripting vulnerabilities, since the input passed to the state via the \"username\" and \"loginname\" parameters is not properly filtered before returning to the user, the attacker can exploit the vulnerability in the context of the affected site. Execute arbitrary HTML and script code in the user's browser session. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: ForeScout CounterACT "username" and "loginname" Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID: SA49481
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49481/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49481
RELEASE DATE: 2012-06-11
DISCUSS ADVISORY: http://secunia.com/advisories/49481/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49481/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49481
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in ForeScout CounterACT, which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerabilities are reported in the following versions: * 6.3.3.2 prior to Hotfix 4.12050. * 6.3.4.0 prior to Hotfix 10.0. * 6.3.4.1 prior to Hotfix 6.0. * 6.3.4.10 prior to Hotfix 1.0.
SOLUTION: Apply available hotfixes.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Travis Lee
ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/815532
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0236",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "counteract",
"scope": "eq",
"trust": 1.9,
"vendor": "forescout",
"version": "6.3.4.10"
},
{
"model": "counteract",
"scope": "eq",
"trust": 1.9,
"vendor": "forescout",
"version": "6.3.3.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "forescout",
"version": null
},
{
"model": "counteract",
"scope": "lt",
"trust": 0.8,
"vendor": "forescout",
"version": "6.3.3.2 hotfix 4.12050 earlier"
},
{
"model": "counteract",
"scope": "lt",
"trust": 0.8,
"vendor": "forescout",
"version": "6.3.4.0 hotfix 10.0 earlier"
},
{
"model": "counteract",
"scope": "lt",
"trust": 0.8,
"vendor": "forescout",
"version": "6.3.4.1 hotfix 6.0 earlier"
},
{
"model": "counteract",
"scope": "lt",
"trust": 0.8,
"vendor": "forescout",
"version": "6.3.4.10 hotfix 1.0 earlier"
},
{
"model": "counteract",
"scope": "eq",
"trust": 0.6,
"vendor": "forescout",
"version": "6.x"
},
{
"model": "counteract",
"scope": "eq",
"trust": 0.3,
"vendor": "forescout",
"version": "6.3.4.1"
},
{
"model": "counteract",
"scope": "eq",
"trust": 0.3,
"vendor": "forescout",
"version": "6.3.4.0"
},
{
"model": "counteract",
"scope": "eq",
"trust": 0.3,
"vendor": "forescout",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "counteract",
"version": "6.3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "counteract",
"version": "6.3.4.10"
}
],
"sources": [
{
"db": "IVD",
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#815532"
},
{
"db": "CNVD",
"id": "CNVD-2012-3126"
},
{
"db": "BID",
"id": "53889"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-144"
},
{
"db": "NVD",
"id": "CVE-2012-1825"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:forescout:counteract",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Travis Lee",
"sources": [
{
"db": "BID",
"id": "53889"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1825",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-1825",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 3.4,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2012-1825",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1825",
"trust": 1.6,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1825",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-144",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#815532"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-144"
},
{
"db": "NVD",
"id": "CVE-2012-1825"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter. ForeScout Provided by CounterACT Contains a cross-site scripting vulnerability. ForeScout Provided by CounterACT of Web The interface contains a cross-site scripting vulnerability. Details are provided by the developer ForeScout Security Advisory 12-01 ( Registered users only ) (http://updates.forescout.com/support) Please confirm.An arbitrary script may be executed on the user\u0027s web browser. ForeScout CounterACT is an automated security control platform. ForeScout CounterACT \u0027username\u0027 and \u0027loginname\u0027 have cross-site scripting vulnerabilities, since the input passed to the state via the \\\"username\\\" and \\\"loginname\\\" parameters is not properly filtered before returning to the user, the attacker can exploit the vulnerability in the context of the affected site. Execute arbitrary HTML and script code in the user\u0027s browser session. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nForeScout CounterACT \"username\" and \"loginname\" Cross-Site Scripting\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49481\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49481/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49481\n\nRELEASE DATE:\n2012-06-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49481/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49481/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49481\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in ForeScout CounterACT, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks. \n\nThe vulnerabilities are reported in the following versions:\n* 6.3.3.2 prior to Hotfix 4.12050. \n* 6.3.4.0 prior to Hotfix 10.0. \n* 6.3.4.1 prior to Hotfix 6.0. \n* 6.3.4.10 prior to Hotfix 1.0. \n\nSOLUTION:\nApply available hotfixes. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Travis Lee\n\nORIGINAL ADVISORY:\nUS-CERT:\nhttp://www.kb.cert.org/vuls/id/815532\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1825"
},
{
"db": "CERT/CC",
"id": "VU#815532"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"db": "CNVD",
"id": "CNVD-2012-3126"
},
{
"db": "BID",
"id": "53889"
},
{
"db": "IVD",
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "113491"
}
],
"trust": 3.42
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/815532",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#815532"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#815532",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2012-1825",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2012-3126",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201206-144",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002652",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "49481",
"trust": 0.8
},
{
"db": "BID",
"id": "53889",
"trust": 0.3
},
{
"db": "IVD",
"id": "C3BED81E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "113491",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#815532"
},
{
"db": "CNVD",
"id": "CNVD-2012-3126"
},
{
"db": "BID",
"id": "53889"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"db": "PACKETSTORM",
"id": "113491"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-144"
},
{
"db": "NVD",
"id": "CVE-2012-1825"
}
]
},
"id": "VAR-201206-0236",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3126"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3126"
}
]
},
"last_update_date": "2025-04-11T23:03:07.327000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ForeScout Customer Support Portal (\u767b\u9332\u30e6\u30fc\u30b6\u306e\u307f)",
"trust": 0.8,
"url": "http://updates.forescout.com/support"
},
{
"title": "ForeScout CounterACT \u0027username\u0027 and \u0027loginname\u0027 cross-site scripting vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/17914"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3126"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"db": "NVD",
"id": "CVE-2012-1825"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/815532"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/mapg-8twmej"
},
{
"trust": 0.8,
"url": "http://updates.forescout.com/support"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1825"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu815532/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1825"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/815532http"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49481"
},
{
"trust": 0.3,
"url": "http://www.forescout.com/product/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49481/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49481"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49481/#comments"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#815532"
},
{
"db": "CNVD",
"id": "CNVD-2012-3126"
},
{
"db": "BID",
"id": "53889"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"db": "PACKETSTORM",
"id": "113491"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-144"
},
{
"db": "NVD",
"id": "CVE-2012-1825"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#815532"
},
{
"db": "CNVD",
"id": "CNVD-2012-3126"
},
{
"db": "BID",
"id": "53889"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"db": "PACKETSTORM",
"id": "113491"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-144"
},
{
"db": "NVD",
"id": "CVE-2012-1825"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-13T00:00:00",
"db": "IVD",
"id": "c3bed81e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-08T00:00:00",
"db": "CERT/CC",
"id": "VU#815532"
},
{
"date": "2012-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3126"
},
{
"date": "2012-06-08T00:00:00",
"db": "BID",
"id": "53889"
},
{
"date": "2012-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"date": "2012-06-11T03:15:23",
"db": "PACKETSTORM",
"id": "113491"
},
{
"date": "2012-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-144"
},
{
"date": "2012-06-11T23:55:00.970000",
"db": "NVD",
"id": "CVE-2012-1825"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#815532"
},
{
"date": "2012-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3126"
},
{
"date": "2012-06-08T00:00:00",
"db": "BID",
"id": "53889"
},
{
"date": "2012-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"date": "2012-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-144"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1825"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-144"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ForeScout CounterACT Cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002652"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-144"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "113491"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-144"
}
],
"trust": 0.7
}
}