Lucene search

Rapid7CVELIST:CVE-2021-4007

HistoryDec 10, 2021 - 12:00 a.m.

CVE-2021-4007 Rapid7 Insight Agent Privilege Escalation

2021-12-1000:00:00

CWE-427

rapid7

www.cve.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at “C:\DLLs\python3.dll,” which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent’s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629.

CNA Affected

[
  {
    "product": "Insight Agent",
    "vendor": "Rapid7",
    "versions": [
      {
        "lessThan": "3.0.1*",
        "status": "affected",
        "version": "3.0.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.1.2.34",
        "status": "affected",
        "version": "3.1.2.34",
        "versionType": "custom"
      }
    ]
  }
]

References

cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629

docs.rapid7.com/release-notes/insightagent/20211210/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-4007