PT-2021-17742 · Forescout · Forescout CounterACT
Published: 2021-04-14 · Updated: 2021-04-21 · CVE-2021-28098
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Forescout CounterACT versions prior to 8.1.4
Description:
A local privilege escalation issue is present in the logging function of the affected software. The SecureConnector component runs with administrative privileges and writes log entries to a file with full permissions for the Everyone group. An attacker can exploit this by creating a symbolic link to point the log file to a privileged location, such as %WINDIR%\System32, allowing for DLL hijacking.
Recommendations:
For versions prior to 8.1.4, update to version 8.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the logging function or the %PROGRAMDATA%\ForeScout SecureConnector\ directory to minimize the risk of exploitation.
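The two conditions in the description (broad write access on the log directory, and link-type entries inside it) can be audited on an endpoint. The PowerShell below is an added example, not Forescout's or this advisory's code; it assumes the directory path named above, and `Test-SecureConnectorLogDir` is a hypothetical helper name.

```powershell
# Added example: audit the SecureConnector log directory for world-writable
# ACLs and reparse points. Test-SecureConnectorLogDir is a hypothetical name.
function Test-SecureConnectorLogDir {
    param(
        # Directory named in the advisory; override if installed elsewhere.
        [string]$Path = (Join-Path $env:ProgramData 'ForeScout SecureConnector')
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Directory not found: $Path"
        return
    }
    # Write-type rights only (no read bits), plus GENERIC_WRITE / GENERIC_ALL.
    $risky = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask  = [int]$risky -bor 0x50000000
    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # Symbolic links and junctions carry the ReparsePoint attribute.
        if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
            [pscustomobject]@{ Path = $item.FullName; Finding = 'ReparsePoint'; Detail = $item.LinkType }
        }
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        # Resolve ACEs to SIDs so the check does not depend on localized names.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadSids -contains $ace.IdentityReference.Value -and
                ([int]$ace.FileSystemRights -band $mask)) {
                [pscustomobject]@{
                    Path    = $item.FullName
                    Finding = 'BroadWriteAccess'
                    Detail  = "$($ace.IdentityReference.Value): $($ace.FileSystemRights)"
                }
            }
        }
    }
}

Test-SecureConnectorLogDir | Format-Table -AutoSize -Wrap
```

A `BroadWriteAccess` row on the directory or its log file matches the permission condition described above; a `ReparsePoint` row means an entry in the directory is a link and should be inspected.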
Exploit
Fix
Link Following
Incorrect Permission
Uncontrolled Search Path Element
Affected Products
Forescout CounterACT