
    2 vulnerabilities found for InsightVM Virtual Appliance by Rapid7

    CVE-2017-5242 (GCVE-0-2017-5242)

    Vulnerability from nvd – Published: 2023-01-12 00:00 – Updated: 2025-04-08 14:20
    Title
    Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key
    Summary
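    Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots. Because every affected appliance presents the same host key, an SSH client cannot use that key to distinguish one affected appliance from another, so anyone who holds a copy of the key could impersonate an affected appliance to users connecting over SSH. This matches the record's CWE-321 classification and its CVSS vector (high attack complexity, user interaction required); see the vendor advisory in the references for remediation.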
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    Impacted products
    Vendor Product Version
    Rapid7 Nexpose Virtual Appliance Affected: 2017.04.05 , < 2017.04.05* (custom)
    Affected: 2017.05.03 , ≤ 2017.05.03 (custom)
    Rapid7 InsightVM Virtual Appliance Affected: 2017.04.05 , < 2017.04.05* (custom)
    Affected: 2017.05.03 , ≤ 2017.05.03 (custom)
    Date Public
    2017-08-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.797Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-5242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T14:18:56.959442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T14:20:43.692Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nexpose Virtual Appliance",
              "vendor": "Rapid7",
              "versions": [
                {
                  "lessThan": "2017.04.05*",
                  "status": "affected",
                  "version": "2017.04.05",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2017.05.03",
                  "status": "affected",
                  "version": "2017.05.03",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "InsightVM Virtual Appliance",
              "vendor": "Rapid7",
              "versions": [
                {
                  "lessThan": "2017.04.05*",
                  "status": "affected",
                  "version": "2017.04.05",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2017.05.03",
                  "status": "affected",
                  "version": "2017.05.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "url": "https://www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2017-5242",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2017-01-09T00:00:00.000Z",
        "dateUpdated": "2025-04-08T14:20:43.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5242 (GCVE-0-2017-5242)

    Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-08 14:20
    Title
    Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key
    Summary
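    Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots. Because every affected appliance presents the same host key, an SSH client cannot use that key to distinguish one affected appliance from another, so anyone who holds a copy of the key could impersonate an affected appliance to users connecting over SSH. This matches the record's CWE-321 classification and its CVSS vector (high attack complexity, user interaction required); see the vendor advisory in the references for remediation.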
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    Impacted products
    Vendor Product Version
    Rapid7 Nexpose Virtual Appliance Affected: 2017.04.05 , < 2017.04.05* (custom)
    Affected: 2017.05.03 , ≤ 2017.05.03 (custom)
    Rapid7 InsightVM Virtual Appliance Affected: 2017.04.05 , < 2017.04.05* (custom)
    Affected: 2017.05.03 , ≤ 2017.05.03 (custom)
    Date Public
    2017-08-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.797Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-5242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T14:18:56.959442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T14:20:43.692Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Nexpose Virtual Appliance",
              "vendor": "Rapid7",
              "versions": [
                {
                  "lessThan": "2017.04.05*",
                  "status": "affected",
                  "version": "2017.04.05",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2017.05.03",
                  "status": "affected",
                  "version": "2017.05.03",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "InsightVM Virtual Appliance",
              "vendor": "Rapid7",
              "versions": [
                {
                  "lessThan": "2017.04.05*",
                  "status": "affected",
                  "version": "2017.04.05",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2017.05.03",
                  "status": "affected",
                  "version": "2017.05.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-12T00:00:00.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "url": "https://www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2017-5242",
        "datePublished": "2023-01-12T00:00:00.000Z",
        "dateReserved": "2017-01-09T00:00:00.000Z",
        "dateUpdated": "2025-04-08T14:20:43.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }