Lucene search

INCDCVE-2023-39374

HistorySep 03, 2023 - 3:15 p.m.

CVE-2023-39374

2023-09-0315:15:14

CWE-427

INCD

web.nvd.nist.gov

forescout

nac

secureconnector

v11.2

cwe-427

uncontrolled search path element

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element

Affected configurations

Nvd

Node

forescoutsecureconnectorMatch11.2

VendorProductVersionCPE
forescoutsecureconnector11.2cpe:2.3:a:forescout:secureconnector:11.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
forescout	secureconnector	11.2	cpe:2.3:a:forescout:secureconnector:11.2:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NAC SecureConnector",
    "vendor": " ForeScout",
    "versions": [
      {
        "lessThan": "Upgrade to Endpoint Module (SecureConnector) Release 1.4.5",
        "status": "unknown",
        "version": "version 11.2",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Related for CVE-2023-39374