CVE-2019-5629 (GCVE-0-2019-5629)

Vulnerability from cvelistv5 – Published: 2019-07-13 00:15 – Updated: 2024-09-16 22:45
VLAI?
Summary
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.
Severity ?
7.8 (High)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
Vendor Product Version
Rapid7 Insight Agent Affected: 2.6.3 and prior
Create a notification for this product.
Credits
This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190603 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
          },
          {
            "name": "20190611 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jun/13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Insight Agent",
          "vendor": "Rapid7",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.3 and prior"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
        }
      ],
      "datePublic": "2019-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427: Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-13T00:16:06",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "name": "20190603 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
        },
        {
          "name": "20190611 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jun/13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue affects Insight Agent instances at version 2.6.4 and older. Insight Agent will normally update automatically. Otherwise, if your Insight Agent instances are not running 2.6.5 or higher, ensure that you update all instances to 2.6.5 (or later if available)."
        }
      ],
      "source": {
        "advisory": "R7-2019-19",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2019-05-29T17:17:00.000Z",
          "ID": "CVE-2019-5629",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Insight Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.6.3 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427: Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190603 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/0"
            },
            {
              "name": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
            },
            {
              "name": "20190611 Rapid7\u0027s Windows InsightIDR Agent: Local Privilege Escalation",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jun/13"
            },
            {
              "name": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529",
              "refsource": "CONFIRM",
              "url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"
            },
            {
              "name": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/",
              "refsource": "MISC",
              "url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue affects Insight Agent instances at version 2.6.4 and older. Insight Agent will normally update automatically. Otherwise, if your Insight Agent instances are not running 2.6.5 or higher, ensure that you update all instances to 2.6.5 (or later if available)."
          }
        ],
        "source": {
          "advisory": "R7-2019-19",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2019-5629",
    "datePublished": "2019-07-13T00:15:43.850364Z",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-09-16T22:45:30.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rapid7:insight_agent:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.6.3\", \"matchCriteriaId\": \"69F19D38-E9AE-46E3-878C-84EFB0D451A1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \\\"C:\\\\DLLs\\\\python3.dll,\\\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.\"}, {\"lang\": \"es\", \"value\": \"Insight Agent de Rapid7, versi\\u00f3n 2.6.3 y anteriores, sufre de una escalada de privilegios locales debido a una ruta (path) de b\\u00fasqueda de DLL no controlada. Espec\\u00edficamente, durante el inicio de Insight Agent versi\\u00f3n 2.6.3 y anteriores, el int\\u00e9rprete de Python intenta cargar python3.dll en \\\"C:\\\\DLLs\\\\python3.dll\\\", que com\\u00fanmente es escribible por usuarios autenticados localmente. Debido a esto, un usuario local malicioso podr\\u00eda usar las condiciones de inicio de Insight Agent para elevar los privilegios a SYSTEM. Este problema fue solucionado en Rapid7 Insight Agent versi\\u00f3n 2.6.4.\"}]",
      "id": "CVE-2019-5629",
      "lastModified": "2024-11-21T04:45:16.070",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"cve@rapid7.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-13T01:15:10.447",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Jun/13\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/0\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Jun/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@rapid7.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve@rapid7.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-427\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-427\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5629\",\"sourceIdentifier\":\"cve@rapid7.com\",\"published\":\"2019-07-13T01:15:10.447\",\"lastModified\":\"2024-11-21T04:45:16.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \\\"C:\\\\DLLs\\\\python3.dll,\\\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent\u0027s startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.\"},{\"lang\":\"es\",\"value\":\"Insight Agent de Rapid7, versi\u00f3n 2.6.3 y anteriores, sufre de una escalada de privilegios locales debido a una ruta (path) de b\u00fasqueda de DLL no controlada. Espec\u00edficamente, durante el inicio de Insight Agent versi\u00f3n 2.6.3 y anteriores, el int\u00e9rprete de Python intenta cargar python3.dll en \\\"C:\\\\DLLs\\\\python3.dll\\\", que com\u00fanmente es escribible por usuarios autenticados localmente. Debido a esto, un usuario local malicioso podr\u00eda usar las condiciones de inicio de Insight Agent para elevar los privilegios a SYSTEM. Este problema fue solucionado en Rapid7 Insight Agent versi\u00f3n 2.6.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"cve@rapid7.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve@rapid7.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rapid7:insight_agent:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.3\",\"matchCriteriaId\":\"69F19D38-E9AE-46E3-878C-84EFB0D451A1\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/13\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/0\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.