VYPR
Unrated severity · NVD Advisory · Published Mar 17, 2022 · Updated Sep 16, 2024

Rapid7 Insight Agent Privilege Escalation

CVE-2022-0237

Description

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.

Affected products

  • Rapid7/Insight Agent (2 versions)
    • (no CPE) range: <=3.1.2.38
    • (no CPE) range: 3.1.2.38
