VYPR
Unrated severityNVD Advisory· Published Aug 19, 2019· Updated Sep 16, 2024

Rapid7 InsightAppSec Local Privilege Escalation

CVE-2019-5631

Description

The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product.

Affected products

2
  • Rapid7/InsightAppSecllm-create2 versions
    <=2019.06.24+ 1 more
    • (no CPE)range: <=2019.06.24
    • (no CPE)range: 2019.06.24

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.