Search criteria
12 vulnerabilities found for insight_agent by rapid7
CVE-2026-6482 (GCVE-0-2026-6482)
Vulnerability from nvd – Published: 2026-04-17 05:19 – Updated: 2026-04-18 03:55
VLAI
Title
Local Privilege Escalation via OpenSSL configuration file in Insight Agent
Summary
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.
Severity
CWE
- CWE-829 - Inclusion of functionality from untrusted control sphere
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
0 , < 4.1.0.2
(custom)
|
Date Public
2026-04-09 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-18T03:55:55.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.1.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Security Assurance Team"
}
],
"datePublic": "2026-04-09T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Rapid7 Insight Agent (versions \u0026gt; 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain \u003cb\u003eSYSTEM\u003c/b\u003e\u0026nbsp;level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted \u003ccode\u003eopenssl.cnf\u003c/code\u003e file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent\u2019s \u003cb\u003eSYSTEM\u003c/b\u003e level access."
}
],
"value": "The Rapid7 Insight Agent (versions \u003e 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM\u00a0level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent\u2019s SYSTEM level access."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of functionality from untrusted control sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T05:22:25.106Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation via OpenSSL configuration file in Insight Agent",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2026-6482",
"datePublished": "2026-04-17T05:19:20.485Z",
"dateReserved": "2026-04-17T04:25:38.616Z",
"dateUpdated": "2026-04-18T03:55:55.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-2273 (GCVE-0-2023-2273)
Vulnerability from nvd – Published: 2023-04-26 08:55 – Updated: 2025-01-31 16:13
VLAI
Title
Rapid7 Insight Agent Directory Traversal
Summary
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.
Severity
5.8 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
0 , < 3.3.0
(custom)
|
Date Public
2023-04-25 16:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20230425/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T16:12:57.435689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T16:13:24.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-25T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal."
}
],
"value": "Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T08:59:51.382Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://docs.rapid7.com/release-notes/insightagent/20230425/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Insight Agent Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-2273",
"datePublished": "2023-04-26T08:55:36.868Z",
"dateReserved": "2023-04-25T08:45:42.126Z",
"dateUpdated": "2025-01-31T16:13:24.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0237 (GCVE-0-2022-0237)
Vulnerability from nvd – Published: 2022-03-17 22:30 – Updated: 2024-09-16 20:01
VLAI
Title
Rapid7 Insight Agent Privilege Escalation
Summary
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
Severity
4 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.rapid7.com/release-notes/insightagen… | x_refsource_CONFIRM |
| https://gist.github.com/n2dez/05d43c616f2b403e84e… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
3.1.2.38 , ≤ 3.1.2.38
(custom)
|
Date Public
2022-02-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20220225/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "3.1.2.38",
"status": "affected",
"version": "3.1.2.38",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ryan Schachtschneider"
}
],
"datePublic": "2022-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T22:30:16.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20220225/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Insight Agent Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-02-25T00:00:00.000Z",
"ID": "CVE-2022-0237",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Insight Agent Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "3.1.2.38",
"version_value": "3.1.2.38"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Ryan Schachtschneider"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/insightagent/20220225/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/insightagent/20220225/"
},
{
"name": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251",
"refsource": "MISC",
"url": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-0237",
"datePublished": "2022-03-17T22:30:16.553Z",
"dateReserved": "2022-01-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:01:39.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4016 (GCVE-0-2021-4016)
Vulnerability from nvd – Published: 2022-01-21 18:00 – Updated: 2024-09-16 22:30
VLAI
Title
Rapid7 Insight Agent Improper Access Control
Summary
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
Severity
4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.rapid7.com/release-notes/insightagen… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
3.1.3 , < 3.1.3
(custom)
|
Date Public
2022-01-19 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20220119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "3.1.3",
"status": "affected",
"version": "3.1.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andreas Welcker"
}
],
"datePublic": "2022-01-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T18:00:11.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20220119/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Insight Agent Improper Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-01-19T00:00:00.000Z",
"ID": "CVE-2021-4016",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Insight Agent Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "3.1.3",
"version_value": "3.1.3"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Andreas Welcker"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/insightagent/20220119/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/insightagent/20220119/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2021-4016",
"datePublished": "2022-01-21T18:00:11.396Z",
"dateReserved": "2021-11-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:30:10.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4007 (GCVE-0-2021-4007)
Vulnerability from nvd – Published: 2021-12-14 14:55 – Updated: 2024-09-16 21:57
VLAI
Title
Rapid7 Insight Agent Privilege Escalation
Summary
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629.
Severity
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.rapid7.com/release-notes/insightagen… | x_refsource_CONFIRM |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=20… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
3.0.1 , < 3.0.1*
(custom)
Affected: 3.1.2.34 , ≤ 3.1.2.34 (custom) |
Date Public
2021-12-10 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20211210/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "3.0.1*",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.2.34",
"status": "affected",
"version": "3.1.2.34",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dawson Medin discovered and disclosed this issue to Rapid7"
}
],
"datePublic": "2021-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T14:55:14.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20211210/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Insight Agent Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-12-10T15:00:00.000Z",
"ID": "CVE-2021-4007",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Insight Agent Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "3.0.1",
"version_value": "3.0.1"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "3.1.2.34",
"version_value": "3.1.2.34"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Dawson Medin discovered and disclosed this issue to Rapid7"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/insightagent/20211210/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/insightagent/20211210/"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2021-4007",
"datePublished": "2021-12-14T14:55:14.461Z",
"dateReserved": "2021-11-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:57:47.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5629 (GCVE-0-2019-5629)
Vulnerability from nvd – Published: 2019-07-13 00:15 – Updated: 2024-09-16 22:45
VLAI
Summary
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.
Severity
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://seclists.org/bugtraq/2019/Jun/0 | mailing-listx_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/153159/Rapid… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jun/13 | mailing-listx_refsource_FULLDISC |
| https://help.rapid7.com/insightagent/release-note… | x_refsource_CONFIRM |
| https://bogner.sh/2019/06/local-privilege-escalat… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
2.6.3 and prior
|
Date Public
2019-05-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190603 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
},
{
"name": "20190611 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "2.6.3 and prior"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-13T00:16:06.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"name": "20190603 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
},
{
"name": "20190611 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue affects Insight Agent instances at version 2.6.4 and older. Insight Agent will normally update automatically. Otherwise, if your Insight Agent instances are not running 2.6.5 or higher, ensure that you update all instances to 2.6.5 (or later if available)."
}
],
"source": {
"advisory": "R7-2019-19",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-05-29T17:17:00.000Z",
"ID": "CVE-2019-5629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"version_value": "2.6.3 and prior"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190603 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/0"
},
{
"name": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
},
{
"name": "20190611 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/13"
},
{
"name": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"
},
{
"name": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/",
"refsource": "MISC",
"url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue affects Insight Agent instances at version 2.6.4 and older. Insight Agent will normally update automatically. Otherwise, if your Insight Agent instances are not running 2.6.5 or higher, ensure that you update all instances to 2.6.5 (or later if available)."
}
],
"source": {
"advisory": "R7-2019-19",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5629",
"datePublished": "2019-07-13T00:15:43.850Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:45:30.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-6482 (GCVE-0-2026-6482)
Vulnerability from cvelistv5 – Published: 2026-04-17 05:19 – Updated: 2026-04-18 03:55
VLAI
Title
Local Privilege Escalation via OpenSSL configuration file in Insight Agent
Summary
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.
Severity
CWE
- CWE-829 - Inclusion of functionality from untrusted control sphere
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
0 , < 4.1.0.2
(custom)
|
Date Public
2026-04-09 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-18T03:55:55.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.1.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Security Assurance Team"
}
],
"datePublic": "2026-04-09T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Rapid7 Insight Agent (versions \u0026gt; 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain \u003cb\u003eSYSTEM\u003c/b\u003e\u0026nbsp;level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted \u003ccode\u003eopenssl.cnf\u003c/code\u003e file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent\u2019s \u003cb\u003eSYSTEM\u003c/b\u003e level access."
}
],
"value": "The Rapid7 Insight Agent (versions \u003e 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM\u00a0level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent\u2019s SYSTEM level access."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of functionality from untrusted control sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T05:22:25.106Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://docs.rapid7.com/insight/release-notes-2026-april/#improvements-and-fixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation via OpenSSL configuration file in Insight Agent",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2026-6482",
"datePublished": "2026-04-17T05:19:20.485Z",
"dateReserved": "2026-04-17T04:25:38.616Z",
"dateUpdated": "2026-04-18T03:55:55.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-2273 (GCVE-0-2023-2273)
Vulnerability from cvelistv5 – Published: 2023-04-26 08:55 – Updated: 2025-01-31 16:13
VLAI
Title
Rapid7 Insight Agent Directory Traversal
Summary
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.
Severity
5.8 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
0 , < 3.3.0
(custom)
|
Date Public
2023-04-25 16:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20230425/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T16:12:57.435689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T16:13:24.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-25T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal."
}
],
"value": "Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T08:59:51.382Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://docs.rapid7.com/release-notes/insightagent/20230425/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Insight Agent Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-2273",
"datePublished": "2023-04-26T08:55:36.868Z",
"dateReserved": "2023-04-25T08:45:42.126Z",
"dateUpdated": "2025-01-31T16:13:24.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0237 (GCVE-0-2022-0237)
Vulnerability from cvelistv5 – Published: 2022-03-17 22:30 – Updated: 2024-09-16 20:01
VLAI
Title
Rapid7 Insight Agent Privilege Escalation
Summary
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
Severity
4 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.rapid7.com/release-notes/insightagen… | x_refsource_CONFIRM |
| https://gist.github.com/n2dez/05d43c616f2b403e84e… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
3.1.2.38 , ≤ 3.1.2.38
(custom)
|
Date Public
2022-02-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20220225/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "3.1.2.38",
"status": "affected",
"version": "3.1.2.38",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ryan Schachtschneider"
}
],
"datePublic": "2022-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T22:30:16.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20220225/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Insight Agent Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-02-25T00:00:00.000Z",
"ID": "CVE-2022-0237",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Insight Agent Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "3.1.2.38",
"version_value": "3.1.2.38"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Ryan Schachtschneider"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/insightagent/20220225/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/insightagent/20220225/"
},
{
"name": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251",
"refsource": "MISC",
"url": "https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2022-0237",
"datePublished": "2022-03-17T22:30:16.553Z",
"dateReserved": "2022-01-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:01:39.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4016 (GCVE-0-2021-4016)
Vulnerability from cvelistv5 – Published: 2022-01-21 18:00 – Updated: 2024-09-16 22:30
VLAI
Title
Rapid7 Insight Agent Improper Access Control
Summary
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
Severity
4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.rapid7.com/release-notes/insightagen… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
3.1.3 , < 3.1.3
(custom)
|
Date Public
2022-01-19 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20220119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "3.1.3",
"status": "affected",
"version": "3.1.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andreas Welcker"
}
],
"datePublic": "2022-01-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T18:00:11.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20220119/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Insight Agent Improper Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-01-19T00:00:00.000Z",
"ID": "CVE-2021-4016",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Insight Agent Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "3.1.3",
"version_value": "3.1.3"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Andreas Welcker"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/insightagent/20220119/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/insightagent/20220119/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2021-4016",
"datePublished": "2022-01-21T18:00:11.396Z",
"dateReserved": "2021-11-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:30:10.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4007 (GCVE-0-2021-4007)
Vulnerability from cvelistv5 – Published: 2021-12-14 14:55 – Updated: 2024-09-16 21:57
VLAI
Title
Rapid7 Insight Agent Privilege Escalation
Summary
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629.
Severity
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.rapid7.com/release-notes/insightagen… | x_refsource_CONFIRM |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=20… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
3.0.1 , < 3.0.1*
(custom)
Affected: 3.1.2.34 , ≤ 3.1.2.34 (custom) |
Date Public
2021-12-10 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20211210/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "3.0.1*",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.2.34",
"status": "affected",
"version": "3.1.2.34",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dawson Medin discovered and disclosed this issue to Rapid7"
}
],
"datePublic": "2021-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T14:55:14.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.rapid7.com/release-notes/insightagent/20211210/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 Insight Agent Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-12-10T15:00:00.000Z",
"ID": "CVE-2021-4007",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Insight Agent Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "3.0.1",
"version_value": "3.0.1"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "3.1.2.34",
"version_value": "3.1.2.34"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Dawson Medin discovered and disclosed this issue to Rapid7"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.rapid7.com/release-notes/insightagent/20211210/",
"refsource": "CONFIRM",
"url": "https://docs.rapid7.com/release-notes/insightagent/20211210/"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2021-4007",
"datePublished": "2021-12-14T14:55:14.461Z",
"dateReserved": "2021-11-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:57:47.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5629 (GCVE-0-2019-5629)
Vulnerability from cvelistv5 – Published: 2019-07-13 00:15 – Updated: 2024-09-16 22:45
VLAI
Summary
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.
Severity
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://seclists.org/bugtraq/2019/Jun/0 | mailing-listx_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/153159/Rapid… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Jun/13 | mailing-listx_refsource_FULLDISC |
| https://help.rapid7.com/insightagent/release-note… | x_refsource_CONFIRM |
| https://bogner.sh/2019/06/local-privilege-escalat… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Insight Agent |
Affected:
2.6.3 and prior
|
Date Public
2019-05-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190603 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
},
{
"name": "20190611 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insight Agent",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "2.6.3 and prior"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-13T00:16:06.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"name": "20190603 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
},
{
"name": "20190611 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue affects Insight Agent instances at version 2.6.4 and older. Insight Agent will normally update automatically. Otherwise, if your Insight Agent instances are not running 2.6.5 or higher, ensure that you update all instances to 2.6.5 (or later if available)."
}
],
"source": {
"advisory": "R7-2019-19",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-05-29T17:17:00.000Z",
"ID": "CVE-2019-5629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insight Agent",
"version": {
"version_data": [
{
"version_value": "2.6.3 and prior"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190603 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/0"
},
{
"name": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
},
{
"name": "20190611 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/13"
},
{
"name": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"
},
{
"name": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/",
"refsource": "MISC",
"url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue affects Insight Agent instances at version 2.6.4 and older. Insight Agent will normally update automatically. Otherwise, if your Insight Agent instances are not running 2.6.5 or higher, ensure that you update all instances to 2.6.5 (or later if available)."
}
],
"source": {
"advisory": "R7-2019-19",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5629",
"datePublished": "2019-07-13T00:15:43.850Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:45:30.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}