PT-2025-21022 · Unknown · Secureconnector

Published: 2025-05-13 · Updated: 2026-02-08 · CVE-2025-4660

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Forescout SecureConnector versions 11.1.02.1019 through 11.3.6

Description

A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.

The vulnerability allows a low-privilege, remote attacker to redirect the SecureConnector agent to a malicious server. The named pipe, FS SC UNINSTALL PIPE, is used for inter-process communication. A successful exploit involves sending a redirect command with a specific certificate thumbprint consisting of all zeros, bypassing certificate validation and allowing the agent to connect to an attacker-controlled HTTPS server. This enables the attacker to execute commands with SYSTEM privileges.

Recommendations

Forescout SecureConnector versions 11.1.02.1019 through 11.3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
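
The access-control weakness in the Description (a pipe open to Everyone with no restriction on remote connections) can be checked from a pipe's security descriptor. The following is an added example, not code from this advisory or from Forescout: it parses an SDDL string and reports write grants to Everyone or Anonymous Logon, and whether an earlier deny ACE for the NETWORK SID limits them to local callers. The SDDL strings are constructed samples, not the SecureConnector pipe's actual descriptor, and the function names are hypothetical.

```python
import re

# SDDL SID aliases: WD = Everyone, AN = Anonymous Logon, NU = NETWORK.
BROAD_SIDS = {"WD": "Everyone", "AN": "Anonymous Logon"}
WRITE_TOKENS = {"GA", "GW", "FA", "FW"}  # generic/file "all" and "write"
# GENERIC_ALL | GENERIC_WRITE | FILE_WRITE_DATA, for hex access masks
WRITE_BITS = 0x10000000 | 0x40000000 | 0x00000002
ACE_RE = re.compile(r"\(([^()]*)\)")

# Constructed sample descriptors (not taken from any real product).
EXPOSED = "O:SYG:SYD:(A;;GA;;;SY)(A;;GRGW;;;WD)"
EXPOSED_HEX = "D:(A;;0x12019f;;;WD)"
LOCAL_ONLY = "D:(D;;GA;;;NU)(A;;GRGW;;;WD)"
HARDENED = "O:SYG:SYD:(D;;GA;;;NU)(A;;GA;;;SY)(A;;GA;;;BA)"


def grants_write(rights):
    """True if an ACE rights field (hex mask or 2-letter codes) allows writing."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_BITS)
    return bool({rights[i:i + 2] for i in range(0, len(rights), 2)} & WRITE_TOKENS)


def audit_pipe_sddl(sddl):
    """List the broad write grants in a pipe DACL, noting remote reachability.

    ACEs are evaluated in order, so a deny for NETWORK only helps if it comes
    before the allow. PIPE_REJECT_REMOTE_CLIENTS is a creation flag and is not
    visible in the descriptor, so "remote" here means "not blocked by the DACL".
    """
    dacl = sddl.partition("D:")[2].partition("S:")[0]
    if dacl.startswith("NO_ACCESS_CONTROL"):
        return ["null DACL: any caller has full access (local and remote callers)"]
    findings, network_denied = [], False
    for body in ACE_RE.findall(dacl):
        fields = body.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, skip it
        ace_type, rights, sid = fields[0], fields[2], fields[5]
        if ace_type == "D" and sid == "NU" and grants_write(rights):
            network_denied = True
        elif ace_type == "A" and sid in BROAD_SIDS and grants_write(rights):
            scope = "local callers only" if network_denied else "local and remote callers"
            findings.append(f"{BROAD_SIDS[sid]} can write to the pipe ({scope})")
    return findings


if __name__ == "__main__":
    for name in ("EXPOSED", "EXPOSED_HEX", "LOCAL_ONLY", "HARDENED"):
        print(name, audit_pipe_sddl(globals()[name]))
```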

RCE

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2025-4660

Affected Products

Secureconnector