VYPR
Unrated severityNVD Advisory· Published Jul 13, 2019· Updated Sep 16, 2024

CVE-2019-5629

CVE-2019-5629

Description

Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 2.6.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Rapid7/Insight Agentllm-fuzzy2 versions
    <=2.6.3+ 1 more
    • (no CPE)range: <=2.6.3
    • (no CPE)range: 2.6.3 and prior

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.