Forescout recently became aware of certain vulnerabilities in our logging mechanism whereby plugins may write clear-text credentials to the logs under particular logging configurations.
After careful evaluation of the findings, the following course of action provides fixes where required and available.
Vulnerable component(s)
Please see the following table for vulnerable plugins, immediate mitigations and hotfix details.
CounterACT V7
Plugin | Version | Vulnerable | Mitigation | Hotfix Release |
Linux Plugin | 1.1.1.1-11011005 | Yes | Decrease debug logging below 10 | |
Palo Alto NGFW | 1.1.2.1-11021007 | Yes | Disable debug logs | |
CrowdStrike Plugin | 1.0.0.1-10001006 | Yes | Disable debug logs | |
RADIUS Plugin |
| No |
|
|
CEF Plugin |
| No |
|
|
CounterACT V8
Plugin | Version | Vulnerable | Mitigation | Hotfix Release |
Linux Plugin | 1.2.1.1-12011016 | Yes | Decrease debug logging below 10 | |
CEF Plugin | 2.7.0.1-27001003 | Yes | Decrease debug logging below 10 | |
RADIUS Plugin | 4.3.1.1-43011020 | Yes | Decrease debug logging below 10 | |
Palo Alto NGFW | 1.2.0.1-12001016 | Yes | Disable debug logs | |
CrowdStrike Plugin | 1.1.0.1-11001003 | Yes | Disable debug logs |
CounterACT V8.1.x
Plugin | Version | Vulnerable | Mitigation | Hotfix Release |
Linux Plugin | 1.4.1.1-14011002 | Yes | Decrease debug logging below 10 | |
CEF Plugin | 2.8.0.1-28001011 | Yes | Decrease debug logging below 10 | |
RADIUS Plugin | 4.4.1.1-44011008 | Yes | Decrease debug logging below 10 | |
Palo Alto NGFW | 1.3.0.1-13001015 | Yes | Disable debug logs | |
CrowdStrike Plugin | 1.2.0.1-12001014 | Yes | Disable debug logs |
Similar behavior, which is not a vulnerability
When configuration data or any other information isn’t encrypted and is being sent to CounterACT as is and CounterACT is configured for debug logging (debug level 10 and above), the clear text data may appear in the log files.
This behavior isn’t a vulnerability in Forescout’s product, though it might appear like the vulnerability disclosed above.
Forescout encourages all customers to encrypt configuration information and other data based on classification and sensitivity.
For More Information:
For additional information, please contact Forescout Customer Care via the Forescout Customer Support Portal.
Legal Disclaimer
THIS NOTIFICATION IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION IN THIS ALERT OR MATERIALS LINKED FROM THIS ALERT IS AT YOUR OWN RISK. FORESCOUT RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ALERT AT ANY TIME.
Forescout Confidential and Proprietary
This Alert may contain Forescout proprietary and confidential information and must be protected by the recipient accordingly. The information in this Alert is not meant for general dissemination and may only be used by the recipient in connection with the services reflected in this Alert. Any unauthorized use or dissemination of this Alert in whole or in part is strictly forbidden.
© 2019. Forescout Technologies, Inc. All rights reserved. Forescout Technologies, Inc. is a Delaware corporation. A list of our trademarks and patents can be found at https://www.Forescout.com/company/legal/intellectual-property-patents-trademarks. Other brands, products, or service names may be trademarks or service marks of their respective owners.
