CVE-2024-9950

HIGH

Forescout SecureConnector <11.3.07.0109 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-9950. PoCs published by 0Nightsedge0.

AI-analyzed exploit summary This PoC exploits a local privilege escalation vulnerability in Forescout SecureConnector by monitoring a temporary directory for newly created .bat files and replacing them with a malicious script. The exploit leverages a FileSystemWatcher to detect file creation events and hijacks the file by renaming the original and replacing it with a controlled script.

Description

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory.

Exploits (1)

nomisec WORKING POC
by 0Nightsedge0 · poc
https://github.com/0Nightsedge0/CVE-2024-9950-PoC

This PoC exploits a local privilege escalation vulnerability in Forescout SecureConnector by monitoring a temporary directory for newly created .bat files and replacing them with a malicious script. The exploit leverages a FileSystemWatcher to detect file creation events and hijacks the file by renaming the original and replacing it with a controlled script.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Forescout SecureConnector <= 11.3.07
No auth needed
Prerequisites: Local access to a Windows machine with Forescout SecureConnector <= 11.3.07 installed · Ability to write files to the monitored temporary directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Permissions Required, Vendor Advisory
https://support.forescout.com/

Scores

CVSS v3 7.8
EPSS 0.0030
EPSS Percentile 21.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-379
Status published
Products (1)
forescout/secureconnector 11.3.07.0109 - 11.3.12
Published Jan 02, 2025
Tracked Since Feb 18, 2026