
CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jan 2023 — Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots. • https://www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242 • CWE-321: Use of Hard-coded Cryptographic Key; CWE-330: Use of Insufficiently Random Values

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

07 Dec 2022 — Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself. • https://docs.rapid7.com/release-notes/insightvm/20221207 • CWE-494: Download of Code Without Integrity Check

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Sep 2022 — Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user. • https://docs.rapid7.com/release-notes/insightvm/20220830 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-613: Insufficient Session Expiration

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jul 2022 — The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2. • https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

29 Jul 2022 — On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. • https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed • CWE-59: Improper Link Resolution Before File Access ('Link Following'); CWE-377: Insecure Temporary File

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jul 2022 — A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. • https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jul 2022 — Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. • https://www.rapid7.com/blog/post/2022/07/26/cve-2022-35629-35632-velociraptor-multiple-vulnerabilities-fixed • CWE-287: Improper Authentication; CWE-290: Authentication Bypass by Spoofing

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Mar 2022 — Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross-site scripting vulnerability within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130. • https://docs.rapid7.com/release-notes/nexpose/20220309 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Mar 2022 — Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. • https://docs.rapid7.com/release-notes/nexpose/20220302 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Mar 2022 — Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. • https://docs.rapid7.com/release-notes/insightagent/20220225 • CWE-264: Permissions, Privileges, and Access Controls; CWE-428: Unquoted Search Path or Element