Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local Privilege Escalation via OpenSSL configuration file in Insight Agent
Vulnerability Description
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard users. By planting a crafted openssl.cnf file an attacker can trick the high-privilege service into executing arbitrary commands. This effectively permits an unprivileged user to bypass security controls and achieve a full host compromise under the agent’s SYSTEM level access.
CVSS Information
N/A
Vulnerability Type
从非可信控制范围包含功能例程
Vulnerability Title
Rapid7 Insight Agent 安全漏洞
Vulnerability Description
Rapid7 Insight Agent是美国Rapid7公司的一款轻量级软件。该软件能够从IT资产中收集数据。 Rapid7 Insight Agent 4.1.0.2之后版本存在安全漏洞,该漏洞源于代理服务启动时尝试从标准用户可写的非现有目录加载OpenSSL配置文件,可能导致本地攻击者通过植入特制openssl.cnf文件诱使高权限服务执行任意命令,实现权限提升。
CVSS Information
N/A
Vulnerability Type
N/A