Cyber Posture

CVE-2024-9950

High

Published: 02 January 2025

Published
02 January 2025
Modified
17 October 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0177 82.8th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9950 is a high-severity Creation of Temporary File in Directory with Insecure Permissions (CWE-379) vulnerability in Forescout Secureconnector. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 17.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-4 (Information in Shared System Resources).

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-4 Information in Shared System Resources good match
prevent

Prevents unauthorized modification of compliance scripts in insecure temporary directories, which are shared system resources.

AC-3 Access Enforcement good match
prevent

Enforces logical access controls, including file system permissions, to block low-privilege local attackers from modifying compliance scripts via the insecure temporary directory.

SI-7 Software, Firmware, and Information Integrity good match
detect

Monitors software and information integrity to identify unauthorized modifications to compliance scripts exploited through the insecure temporary directory.

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Insecure temp directory enables local script modification for attacker-controlled code execution (T1059) and facilitates privilege escalation via the resulting high-impact compromise (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory.

Deeper analysisAI

CVE-2024-9950 is a vulnerability in Forescout SecureConnector version 11.3.07.0109 on Windows that allows an unauthenticated user to modify compliance scripts due to an insecure temporary directory. Published on January 2, 2025, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-379 (Creation of Temporary File in Directory with Insecure Permissions).

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. By leveraging the insecure temporary directory, the attacker can modify compliance scripts, potentially leading to high confidentiality, integrity, and availability impacts, such as unauthorized code execution or disruption of compliance enforcement.

For mitigation details, refer to the Forescout support page at https://support.forescout.com/.

Details

CWE(s)
CWE-379

Affected Products

forescout
secureconnector
11.3.07.0109 — 11.3.12

CVEs Like This One

CVE-2025-21173Same vendor: Microsoft
CVE-2025-24049Same vendor: Microsoft
CVE-2026-2123Same product: Microsoft Windows
CVE-2025-20206Same product: Microsoft Windows
CVE-2025-57836Same product: Microsoft Windows
CVE-2026-6311Same product: Microsoft Windows
CVE-2024-55540Same product: Microsoft Windows
CVE-2025-24789Same product: Microsoft Windows
CVE-2025-15558Same product: Microsoft Windows
CVE-2024-55543Same product: Microsoft Windows

References