CVE-2019-5629

Rapid7 Windows InsightIDR Agent 2.6.3.14 Local Privilege Escalation

Severity Score: 7.8 (CVSS v3.1)
Exploit Likelihood (EPSS)
Affected Versions (CPE)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll", a location that is normally writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.

Rapid7 Windows InsightIDR Agent version 2.6.3.14 suffers from a local privilege escalation vulnerability.

*Credits: This issue was discovered, and reported to Rapid7, by independent researcher Florian Bogner at Bee IT Security. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
CVSS Scores
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Local
Attack Complexity: Low
Authentication: None
Confidentiality: Complete
Integrity: Complete
Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-01-07 CVE Reserved
  • 2019-06-03 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-427: Uncontrolled Search Path Element
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Rapid7 | Insight Agent | <= 2.6.3 | - | Affected