Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistINCDCVELIST:CVE-2021-36724
HistoryDec 29, 2021 - 5:02 p.m.

CVE-2021-36724 ForeScout - SecureConnector Local Service DoS

2021-12-2917:02:42
INCD
www.cve.org
4
forescout
secureconnector
local service
denial of service
buffer overflow
stack cookie_override

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0

Percentile

12.6%

JSON

ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn’t have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash.

CNA Affected

[
  {
    "product": "eServices / eNvoice",
    "vendor": "ForeScout",
    "versions": [
      {
        "status": "affected",
        "version": "SecureConnector 11.0.4.1024"
      }
    ]
  }
]

Related

cnvd 1
cve 1
prion 1
nvd 1
cnvd
cnvd
ForeScout SecureConnector has an unspecified vulnerability
2021-12-30 00:00:00
cve
cve
CVE-2021-36724
2021-12-29 18:15:07
prion
prion
Buffer overflow
2021-12-29 18:15:00
nvd
nvd
CVE-2021-36724
2021-12-29 18:15:07

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0

Percentile

12.6%

JSON
Related for CVELIST:CVE-2021-36724
cnvd1cve1prion1nvd1