The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets.
Forescout NAC (Network Access Control) version 6.3.4.1 suffers from ICMP and ARP protocols not being filtered, cross site scripting, and cross site redirection vulnerabilities.