National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2016-9485 Detail

Current Description

On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account.

Source:  MITRE
View Analysis Description

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: 7.8 HIGH
Vector:  CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://www.securityfocus.com/bid/94740 Third Party Advisory VDB Entry
https://www.kb.cert.org/vuls/id/768331 Third Party Advisory US Government Resource

Weakness Enumeration

CWE-ID CWE Name Source
CWE-264 Permissions, Privileges, and Access Controls NIST  
CWE-378 Creation of Temporary File With Insecure Permissions CERT/CC  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
 cpe:2.3:a:forescout:secureconnector:-:*:*:*:*:windows:*:*
     Show Matching CPE(s)


Change History

3 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2016-9485
NVD Published Date:
07/13/2018
NVD Last Modified:
10/09/2019