Cyber Posture

CVE-2024-9950

High

Published: 02 January 2025

Modified: 17 October 2025
KEV Added:
Patch:
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0177 (82.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows an unauthenticated user to modify compliance scripts due to an insecure temporary directory.

Security Summary

CVE-2024-9950 is a vulnerability in Forescout SecureConnector version 11.3.07.0109 on Windows that allows an unauthenticated user to modify compliance scripts due to an insecure temporary directory. Published on January 2, 2025, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-379 (Creation of Temporary File in Directory with Insecure Permissions).

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. By leveraging the insecure temporary directory, the attacker can modify compliance scripts, potentially leading to high confidentiality, integrity, and availability impacts, such as unauthorized code execution or disruption of compliance enforcement.

For mitigation details, refer to the Forescout support page at https://support.forescout.com/.

Details

CWE(s): CWE-379

Affected Products

Vendor: forescout
Product: secureconnector
Versions: 11.3.07.0109 — 11.3.12
