CVE-2019-5642
MAGICK
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
Rapid7 Metasploit Pro versión 4.16.0-2019081901 y anterior, sufre de una instancia de CWE-732, en la que el único server.key es escrito en el sistema de archivos durante la instalación con permisos de tipo world-readable. Esto puede permitir a otros usuarios del mismo sistema donde está instalado Metasploit Pro, por otra parte interceptar comunicaciones privadas a la interfaz web de Metasploit Pro.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-07 CVE Reserved
- 2019-11-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001 | 2019-11-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rapid7 Search vendor "Rapid7" | Metasploit Search vendor "Rapid7" for product "Metasploit" | < 4.16.0 Search vendor "Rapid7" for product "Metasploit" and version " < 4.16.0" | pro |
Affected
| ||||||
Rapid7 Search vendor "Rapid7" | Metasploit Search vendor "Rapid7" for product "Metasploit" | 4.16.0 Search vendor "Rapid7" for product "Metasploit" and version "4.16.0" | pro |
Affected
| ||||||
Rapid7 Search vendor "Rapid7" | Metasploit Search vendor "Rapid7" for product "Metasploit" | 4.16.0 Search vendor "Rapid7" for product "Metasploit" and version "4.16.0" | 20190722, pro |
Affected
| ||||||
Rapid7 Search vendor "Rapid7" | Metasploit Search vendor "Rapid7" for product "Metasploit" | 4.16.0 Search vendor "Rapid7" for product "Metasploit" and version "4.16.0" | 20190805, pro |
Affected
| ||||||
Rapid7 Search vendor "Rapid7" | Metasploit Search vendor "Rapid7" for product "Metasploit" | 4.16.0 Search vendor "Rapid7" for product "Metasploit" and version "4.16.0" | 2019081901, pro |
Affected
|