Insightconnect Ping Plugin
Monthly
OS command injection in Rapid7's InsightConnect Ping Plugin (versions before 1.0.4) on Linux lets attackers run arbitrary operating-system commands by injecting shell metacharacters into the host parameter of the plugin's ping action, which is concatenated into a shell command without proper sanitization. Any actor able to influence the host input flowing into this SOAR plugin gains full code execution on the plugin's runtime host. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA's SSVC marks exploitation as 'none' and the flaw as not automatable, so risk is real but not yet observed in the wild.
OS command injection in Rapid7's InsightConnect Ping Plugin (versions before 1.0.4) on Linux lets attackers run arbitrary operating-system commands by injecting shell metacharacters into the host parameter of the plugin's ping action, which is concatenated into a shell command without proper sanitization. Any actor able to influence the host input flowing into this SOAR plugin gains full code execution on the plugin's runtime host. There is no public exploit identified at time of analysis, EPSS is low (0.55%), and CISA's SSVC marks exploitation as 'none' and the flaw as not automatable, so risk is real but not yet observed in the wild.