Rapid7 Nexpose Certificate Validation Issue

Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

证书验证不恰当

Rapid7 Nexpose 信任管理问题漏洞

Rapid7 Nexpose是美国Rapid7公司的一套能够利用扫描结果深度探测网络的漏洞管理软件。该软件支持扫描配置环境的错误、漏洞、恶意软件等。 Rapid7 Nexpose和InsightVM 6.6.82版本至6.6.177版本存在安全漏洞，该漏洞源于在下载更新时无法验证更新服务器的证书，可能允许在网络上处于特权位置的攻击者提供他们自己的HTTPS端点，或拦截与合法端点的通信。

N/A

N/A