{"containers": {"cna": {"affected": [{"product": "Insight Agent", "vendor": "Rapid7", "versions": [{"status": "affected", "version": "2.6.3 and prior"}]}], "credits": [{"lang": "en", "value": "This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "datePublic": "2019-05-29T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-13T00:16:06.000Z", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"name": "20190603 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jun/0"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"}, {"name": "20190611 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Jun/13"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"}, {"tags": ["x_refsource_MISC"], "url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"}], "solutions": [{"lang": "en", "value": "This issue affects Insight Agent instances at version 2.6.4 and older. Insight Agent will normally update automatically. Otherwise, if your Insight Agent instances are not running 2.6.5 or higher, ensure that you update all instances to 2.6.5 (or later if available)."}], "source": {"advisory": "R7-2019-19", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2019-05-29T17:17:00.000Z", "ID": "CVE-2019-5629", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Insight Agent", "version": {"version_data": [{"version_value": "2.6.3 and prior"}]}}]}, "vendor_name": "Rapid7"}]}}, "credit": [{"lang": "eng", "value": "This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427: Uncontrolled Search Path Element"}]}]}, "references": {"reference_data": [{"name": "20190603 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/0"}, {"name": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"}, {"name": "20190611 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jun/13"}, {"name": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529", "refsource": "CONFIRM", "url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"}, {"name": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/", "refsource": "MISC", "url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"}]}, "solution": [{"lang": "en", "value": "This issue affects Insight Agent instances at version 2.6.4 and older. Insight Agent will normally update automatically. Otherwise, if your Insight Agent instances are not running 2.6.5 or higher, ensure that you update all instances to 2.6.5 (or later if available)."}], "source": {"advisory": "R7-2019-19", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.670Z"}, "title": "CVE Program Container", "references": [{"name": "20190603 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jun/0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"}, {"name": "20190611 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jun/13"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5629", "datePublished": "2019-07-13T00:15:43.850Z", "dateReserved": "2019-01-07T00:00:00.000Z", "dateUpdated": "2024-09-16T22:45:30.681Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:insight_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "69F19D38-E9AE-46E3-878C-84EFB0D451A1", "versionEndIncluding": "2.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at \"C:\\DLLs\\python3.dll,\" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4."}, {"lang": "es", "value": "Insight Agent de Rapid7, versi\u00f3n 2.6.3 y anteriores, sufre de una escalada de privilegios locales debido a una ruta (path) de b\u00fasqueda de DLL no controlada. Espec\u00edficamente, durante el inicio de Insight Agent versi\u00f3n 2.6.3 y anteriores, el int\u00e9rprete de Python intenta cargar python3.dll en \"C:\\DLLs\\python3.dll\", que com\u00fanmente es escribible por usuarios autenticados localmente. Debido a esto, un usuario local malicioso podr\u00eda usar las condiciones de inicio de Insight Agent para elevar los privilegios a SYSTEM. Este problema fue solucionado en Rapid7 Insight Agent versi\u00f3n 2.6.4."}], "id": "CVE-2019-5629", "lastModified": "2024-11-21T04:45:16.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve@rapid7.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-13T01:15:10.447", "references": [{"source": "cve@rapid7.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"}, {"source": "cve@rapid7.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jun/13"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"}, {"source": "cve@rapid7.com", "tags": ["Third Party Advisory"], "url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"}, {"source": "cve@rapid7.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jun/0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jun/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jun/0"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}