Insightconnect Awk Plugin
Monthly
Remote OS command injection in Rapid7's InsightConnect AWK Plugin (versions below 1.2.2 on Linux) lets attackers run arbitrary operating-system commands through the process_string action's text or expression parameters, which are unsafely concatenated into a shell command. The CVSS 9.8 rating reflects full confidentiality, integrity, and availability loss with no privileges or user interaction required by the vector. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA SSVC marks exploitation as none, so risk today is potential rather than observed.
Remote OS command injection in Rapid7's InsightConnect AWK Plugin (versions below 1.2.2 on Linux) lets attackers run arbitrary operating-system commands through the process_string action's text or expression parameters, which are unsafely concatenated into a shell command. The CVSS 9.8 rating reflects full confidentiality, integrity, and availability loss with no privileges or user interaction required by the vector. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA SSVC marks exploitation as none, so risk today is potential rather than observed.