Forescout: >> Secureconnector >> 11.3.06.0063 Security Vulnerabilities
A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.
This does not impact Linux or OSX Secure Connector.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-05-13
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.
CVSS Score
7.0
EPSS Score
0.001
Published
2024-02-08