Forescout: >> Secureconnector >> 11.2 Security Vulnerabilities
A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.
This does not impact Linux or OSX Secure Connector.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-05-13
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-03