CVE-2024-22795 (Arbitrary File Delete that Leads to Privilege Escalation on Forescout SecureConnector)
Forescout SecureConnector
11.3.06.0063
SecureConnector.exe
On Windows system, it was found that ForeScout SecureConnector (version 11.3.06.0063) perform privileged operation, such as creating, executing and deleting files, within a folder owned by an unprivileged user.
A malicious user is able to achieve privilege escalation by winning race condition to modify a script file that will be executed by SecureConnector; or by exploiting arbitrary file delete with symbolic link attack.
This vulnerability is patched since Forescout SecureConnector 11.3.7.
- 10/30/2023 - Vulnerability reported to Forescout
- 11/30/2023 - ForeScout confirmed that it was an issue reported by another pentester two months ago and has been remediated in latest release (version 11.3.7)
https://github.com/Hagrid29/ForeScout-SecureConnector-EoP
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22795