3 matches found
CVE-2020-7382
Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40...
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation
Summary Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitatio...
CVE-2020-7382
CVE-2020-7382 affects Rapid7 Nexpose installer prior to version 6.6.40. The root cause is an Unquoted Search Path in the installer, which can allow a local attacker to cause the executable to load a malicious file placed in the path, enabling local privilege escalation. Affected version range is