CVE-2021-36724 MEDIUM

CVE-2021-36724: ForeScout - SecureConnector Local Service DoS

Vendor Forescout
Product eServices / eNvoice
Published December 29, 2021
Last update September 16, 2024

CVSS base score

6.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

ForeScout - SecureConnector Local Service DoS - A low privilaged user which doesn't have permissions to shutdown the secure connector service writes a large amount of characters in the installationPath. This will cause the buffer to overflow and override the stack cookie causing the service to crash.

Key dates

02Disclosure timeline

December 29, 2021 CVE published
September 16, 2024 Record updated