Vulnerability Details CVE-2022-0237
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.8%
CVSS Severity
CVSS v3 Score 4.0
CVSS v2 Score 7.2
References
Products affected by CVE-2022-0237
-
cpe:2.3:a:rapid7:insight_agent:-
-
cpe:2.3:a:rapid7:insight_agent:2.5.2
-
cpe:2.3:a:rapid7:insight_agent:2.5.3
-
cpe:2.3:a:rapid7:insight_agent:2.6.0
-
cpe:2.3:a:rapid7:insight_agent:2.6.1
-
cpe:2.3:a:rapid7:insight_agent:2.6.2
-
cpe:2.3:a:rapid7:insight_agent:2.6.3
-
cpe:2.3:a:rapid7:insight_agent:2.6.4
-
cpe:2.3:a:rapid7:insight_agent:2.6.5
-
cpe:2.3:a:rapid7:insight_agent:2.6.6
-
cpe:2.3:a:rapid7:insight_agent:2.6.7
-
cpe:2.3:a:rapid7:insight_agent:2.7.0
-
cpe:2.3:a:rapid7:insight_agent:2.7.1
-
cpe:2.3:a:rapid7:insight_agent:2.7.10
-
cpe:2.3:a:rapid7:insight_agent:2.7.11
-
cpe:2.3:a:rapid7:insight_agent:2.7.13
-
cpe:2.3:a:rapid7:insight_agent:2.7.14
-
cpe:2.3:a:rapid7:insight_agent:2.7.15
-
cpe:2.3:a:rapid7:insight_agent:2.7.16
-
cpe:2.3:a:rapid7:insight_agent:2.7.17
-
cpe:2.3:a:rapid7:insight_agent:2.7.18
-
cpe:2.3:a:rapid7:insight_agent:2.7.19
-
cpe:2.3:a:rapid7:insight_agent:2.7.2
-
cpe:2.3:a:rapid7:insight_agent:2.7.20
-
cpe:2.3:a:rapid7:insight_agent:2.7.21
-
cpe:2.3:a:rapid7:insight_agent:2.7.22
-
cpe:2.3:a:rapid7:insight_agent:2.7.3
-
cpe:2.3:a:rapid7:insight_agent:2.7.4
-
cpe:2.3:a:rapid7:insight_agent:2.7.5
-
cpe:2.3:a:rapid7:insight_agent:2.7.6
-
cpe:2.3:a:rapid7:insight_agent:2.7.7
-
cpe:2.3:a:rapid7:insight_agent:2.7.8
-
cpe:2.3:a:rapid7:insight_agent:2.7.9
-
cpe:2.3:a:rapid7:insight_agent:3.0.1
-
cpe:2.3:a:rapid7:insight_agent:3.0.10
-
cpe:2.3:a:rapid7:insight_agent:3.0.2.3
-
cpe:2.3:a:rapid7:insight_agent:3.0.3
-
cpe:2.3:a:rapid7:insight_agent:3.0.4
-
cpe:2.3:a:rapid7:insight_agent:3.0.5
-
cpe:2.3:a:rapid7:insight_agent:3.0.6
-
cpe:2.3:a:rapid7:insight_agent:3.0.7
-
cpe:2.3:a:rapid7:insight_agent:3.0.8
-
cpe:2.3:a:rapid7:insight_agent:3.0.9
-
cpe:2.3:a:rapid7:insight_agent:3.1.0
-
cpe:2.3:a:rapid7:insight_agent:3.1.1
-
cpe:2.3:a:rapid7:insight_agent:3.1.2
-
cpe:2.3:a:rapid7:insight_agent:3.1.2.35
-
cpe:2.3:a:rapid7:insight_agent:3.1.2.36
-
cpe:2.3:a:rapid7:insight_agent:3.1.2.38