Cyber Resilience

CVE-2024-9950

High

Published: 02 January 2025

Modified: 17 October 2025
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0239 (85.3th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-9950 is a high-severity Creation of Temporary File in Directory with Insecure Permissions (CWE-379) vulnerability in Forescout SecureConnector. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE ranks in the top 14.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-4 (Information in Shared System Resources).

Deeper analysis

CVE-2024-9950 is a vulnerability in Forescout SecureConnector version 11.3.07.0109 on Windows that allows an unauthenticated user to modify compliance scripts due to an insecure temporary directory. Published on January 2, 2025, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-379 (Creation of Temporary File in Directory with Insecure Permissions).

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction. By leveraging the insecure temporary directory, the attacker can modify compliance scripts, potentially leading to high confidentiality, integrity, and availability impacts, such as unauthorized code execution or disruption of compliance enforcement.

For mitigation details, refer to the Forescout support page at https://support.forescout.com/.

Vulnerability details

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows an unauthenticated user to modify compliance scripts due to an insecure temporary directory.

CWE(s)

CWE-379: Creation of Temporary File in Directory with Insecure Permissions

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1059 Command and Scripting Interpreter (Tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Insecure temp directory enables local script modification for attacker-controlled code execution (T1059) and facilitates privilege escalation via the resulting high-impact compromise (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

Affected Assets

Vendor: forescout
Product: secureconnector
Versions: 11.3.07.0109 — 11.3.12

Mitigating Controls (NIST 800-53 r5, AI)

Prevent: Prevents unauthorized modification of compliance scripts in insecure temporary directories, which are shared system resources.

Prevent: Enforces logical access controls, including file system permissions, to block low-privilege local attackers from modifying compliance scripts via the insecure temporary directory.

Detect: Monitors software and information integrity to identify unauthorized modifications to compliance scripts exploited through the insecure temporary directory.
