CVE-2024-9949 - OpenCVE

Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://forescout.my.site.com/support/s/article/High-Severity-Vulnerability-in-Secure-Connector-HPS-Inspection-Engine-v11-3-5-and-lower

History

Thu, 07 Nov 2024 16:45:00 +0000

Type	Values Removed	Values Added
Title		Denial of Service in Forescout SecureConnector

Thu, 24 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 23 Oct 2024 17:45:00 +0000

Type	Values Removed	Values Added
Description		Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application.
Weaknesses		CWE-1188
References		https://forescout.my.site.com/support/s/article/High-Severity-Vulnerability-in-Secure-Connector-HPS-Inspection-Engine-v11-3-5-and-lower
Metrics		cvssV4_0 `{'score': 5.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Forescout

Published: 2024-10-23T17:37:42.978Z

Updated: 2024-11-07T16:36:26.432Z

Reserved: 2024-10-14T18:53:58.941Z

Link: CVE-2024-9949

Vulnrichment

Updated: 2024-10-24T14:51:16.814Z

NVD

Status : Awaiting Analysis

Published: 2024-10-23T18:15:13.763

Modified: 2024-10-25T12:56:07.750

Link: CVE-2024-9949

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9949", "assignerOrgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88", "state": "PUBLISHED", "assignerShortName": "Forescout", "dateReserved": "2024-10-14T18:53:58.941Z", "datePublished": "2024-10-23T17:37:42.978Z", "dateUpdated": "2024-11-07T16:36:26.432Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "SecureConnector", "vendor": "Forescout", "versions": [{"changes": [{"at": "11.3.6", "status": "unaffected"}], "lessThanOrEqual": "11.3.5", "status": "affected", "version": "11.1.02.1019", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application. "}], "value": "Denial of Service in Forescout SecureConnector\u00a011.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application."}], "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234 Hijacking a privileged process"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88", "shortName": "Forescout", "dateUpdated": "2024-11-07T16:36:26.432Z"}, "references": [{"url": "https://forescout.my.site.com/support/s/article/High-Severity-Vulnerability-in-Secure-Connector-HPS-Inspection-Engine-v11-3-5-and-lower"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of Service in Forescout SecureConnector", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T14:51:06.339003Z", "id": "CVE-2024-9949", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-24T14:51:20.477Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9949", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-24T14:51:06.339003Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-24T14:51:16.814Z"}}], "cna": {"title": "Denial of Service in Forescout SecureConnector", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234 Hijacking a privileged process"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Forescout", "product": "SecureConnector", "versions": [{"status": "affected", "changes": [{"at": "11.3.6", "status": "unaffected"}], "version": "11.1.02.1019", "versionType": "custom", "lessThanOrEqual": "11.3.5"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://forescout.my.site.com/support/s/article/High-Severity-Vulnerability-in-Secure-Connector-HPS-Inspection-Engine-v11-3-5-and-lower"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Denial of Service in Forescout SecureConnector\u00a011.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application.", "supportingMedia": [{"type": "text/html", "value": "Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource"}]}], "providerMetadata": {"orgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88", "shortName": "Forescout", "dateUpdated": "2024-11-07T16:36:26.432Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9949", "state": "PUBLISHED", "dateUpdated": "2024-11-07T16:36:26.432Z", "dateReserved": "2024-10-14T18:53:58.941Z", "assignerOrgId": "a14582b7-06f4-4d66-8e82-3d7ba3739e88", "datePublished": "2024-10-23T17:37:42.978Z", "assignerShortName": "Forescout"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Denial of Service in Forescout SecureConnector\u00a011.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application."}, {"lang": "es", "value": "La denegaci\u00f3n de servicio en Forescout SecureConnector 11.1.02.1019 en Windows permite que un usuario sin privilegios corrompa el archivo de configuraci\u00f3n y provoque una denegaci\u00f3n de servicio en la aplicaci\u00f3n."}], "id": "CVE-2024-9949", "lastModified": "2024-10-25T12:56:07.750", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "a14582b7-06f4-4d66-8e82-3d7ba3739e88", "type": "Secondary"}]}, "published": "2024-10-23T18:15:13.763", "references": [{"source": "a14582b7-06f4-4d66-8e82-3d7ba3739e88", "url": "https://forescout.my.site.com/support/s/article/High-Severity-Vulnerability-in-Secure-Connector-HPS-Inspection-Engine-v11-3-5-and-lower"}], "sourceIdentifier": "a14582b7-06f4-4d66-8e82-3d7ba3739e88", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "a14582b7-06f4-4d66-8e82-3d7ba3739e88", "type": "Secondary"}]}