漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Rapid7 Nexpose Update Validation Issue
Vulnerability Description
Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious update, either through a social engineering effort, privileged access to replace downloaded updates in transit, or by performing an Attacker-in-the-Middle attack on the update service itself.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
下载代码缺少完整性检查
Vulnerability Title
Rapid7 Nexpose 安全漏洞
Vulnerability Description
Rapid7 Nexpose是美国Rapid7公司的一套能够利用扫描结果深度探测网络的漏洞管理软件。该软件支持扫描配置环境的错误、漏洞、恶意软件等。 Rapid7 Nexpose 6.6.172 之前版本存在安全漏洞,该漏洞源于 无法可靠地验证更新内容的真实性,攻击者利用该漏洞可以提供恶意更新并更改 Rapid7 Nexpose 的功能。
CVSS Information
N/A
Vulnerability Type
N/A