CVE-2023-2273 – Rapid7 Insight Agent Directory Traversal
https://notcve.org/view.php?id=CVE-2023-2273
Rapid7 Insight Agent token handler versions 3.2.6 and below suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safeguards that reject inputs that attempt path traversal.
• https://docs.rapid7.com/release-notes/insightagent/20230425
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-0237 – Rapid7 Insight Agent Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-0237
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
• https://docs.rapid7.com/release-notes/insightagent/20220225
• https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-428: Unquoted Search Path or Element
CVE-2021-4016 – Rapid7 Insight Agent Improper Access Control
https://notcve.org/view.php?id=CVE-2021-4016
Rapid7 Insight Agent versions prior to 3.1.3 suffer from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory, e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
• https://docs.rapid7.com/release-notes/insightagent/20220119
• CWE-284: Improper Access Control
CVE-2021-4007 – Rapid7 Insight Agent Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-4007
Rapid7 Insight Agent versions 3.0.1 to 3.1.2.34 suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll", which is normally writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629.
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629
• https://docs.rapid7.com/release-notes/insightagent/20211210
• CWE-427: Uncontrolled Search Path Element