Rapid7 Insight Agent 权限许可和访问控制问题漏洞

漏洞信息详情

Rapid7 Insight Agent是美国Rapid7公司的一款轻量级软件。该软件能够从IT资产中收集数据。

Rapid7 Insight Agent 2.6.3及之前版本中存在安全漏洞。攻击者可利用该漏洞提升权限至SYSTEM。

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529

来源:MISC

链接:https://bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-agent/

来源:FULLDISC

链接:http://seclists.org/fulldisclosure/2019/Jun/13

来源:CONFIRM

链接:https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529

来源:BUGTRAQ

链接:https://seclists.org/bugtraq/2019/Jun/0

来源:packetstormsecurity.com

链接:http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html

来源:MISC

链接:https://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-5629

暂无