Insight Agent
Monthly
Remote code execution in Rapid7 Insight Agent for Linux versions prior to 4.1.0.2 allows authenticated attackers with high privileges to inject arbitrary code via eval() in the beaconing logic by crafting a malicious beacon response. The vulnerability requires high authentication privileges and mutual TLS verification, making remote exploitation difficult without prior compromise of the Rapid7 Platform backend. CVSS 6.6 reflects the high impact (code execution as root) balanced against high attack complexity and privilege requirements. No public exploit code or active exploitation has been identified at time of analysis.
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Remote code execution in Rapid7 Insight Agent for Linux versions prior to 4.1.0.2 allows authenticated attackers with high privileges to inject arbitrary code via eval() in the beaconing logic by crafting a malicious beacon response. The vulnerability requires high authentication privileges and mutual TLS verification, making remote exploitation difficult without prior compromise of the Rapid7 Platform backend. CVSS 6.6 reflects the high impact (code execution as root) balanced against high attack complexity and privilege requirements. No public exploit code or active exploitation has been identified at time of analysis.
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.