CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3913

Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.1%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2022-3913

Rapid7 » Nexpose » Version: 6.6.100

cpe:2.3:a:rapid7:nexpose:6.6.100
Rapid7 » Nexpose » Version: 6.6.101

cpe:2.3:a:rapid7:nexpose:6.6.101
Rapid7 » Nexpose » Version: 6.6.102

cpe:2.3:a:rapid7:nexpose:6.6.102
Rapid7 » Nexpose » Version: 6.6.103

cpe:2.3:a:rapid7:nexpose:6.6.103
Rapid7 » Nexpose » Version: 6.6.104

cpe:2.3:a:rapid7:nexpose:6.6.104
Rapid7 » Nexpose » Version: 6.6.105

cpe:2.3:a:rapid7:nexpose:6.6.105
Rapid7 » Nexpose » Version: 6.6.106

cpe:2.3:a:rapid7:nexpose:6.6.106
Rapid7 » Nexpose » Version: 6.6.107

cpe:2.3:a:rapid7:nexpose:6.6.107
Rapid7 » Nexpose » Version: 6.6.108

cpe:2.3:a:rapid7:nexpose:6.6.108
Rapid7 » Nexpose » Version: 6.6.109

cpe:2.3:a:rapid7:nexpose:6.6.109
Rapid7 » Nexpose » Version: 6.6.110

cpe:2.3:a:rapid7:nexpose:6.6.110
Rapid7 » Nexpose » Version: 6.6.111

cpe:2.3:a:rapid7:nexpose:6.6.111
Rapid7 » Nexpose » Version: 6.6.112

cpe:2.3:a:rapid7:nexpose:6.6.112
Rapid7 » Nexpose » Version: 6.6.113

cpe:2.3:a:rapid7:nexpose:6.6.113
Rapid7 » Nexpose » Version: 6.6.114

cpe:2.3:a:rapid7:nexpose:6.6.114
Rapid7 » Nexpose » Version: 6.6.115

cpe:2.3:a:rapid7:nexpose:6.6.115
Rapid7 » Nexpose » Version: 6.6.116

cpe:2.3:a:rapid7:nexpose:6.6.116
Rapid7 » Nexpose » Version: 6.6.117

cpe:2.3:a:rapid7:nexpose:6.6.117
Rapid7 » Nexpose » Version: 6.6.118

cpe:2.3:a:rapid7:nexpose:6.6.118
Rapid7 » Nexpose » Version: 6.6.119

cpe:2.3:a:rapid7:nexpose:6.6.119
Rapid7 » Nexpose » Version: 6.6.120

cpe:2.3:a:rapid7:nexpose:6.6.120
Rapid7 » Nexpose » Version: 6.6.121

cpe:2.3:a:rapid7:nexpose:6.6.121
Rapid7 » Nexpose » Version: 6.6.122

cpe:2.3:a:rapid7:nexpose:6.6.122
Rapid7 » Nexpose » Version: 6.6.123

cpe:2.3:a:rapid7:nexpose:6.6.123
Rapid7 » Nexpose » Version: 6.6.124

cpe:2.3:a:rapid7:nexpose:6.6.124
Rapid7 » Nexpose » Version: 6.6.125

cpe:2.3:a:rapid7:nexpose:6.6.125
Rapid7 » Nexpose » Version: 6.6.126

cpe:2.3:a:rapid7:nexpose:6.6.126
Rapid7 » Nexpose » Version: 6.6.127

cpe:2.3:a:rapid7:nexpose:6.6.127
Rapid7 » Nexpose » Version: 6.6.128

cpe:2.3:a:rapid7:nexpose:6.6.128
Rapid7 » Nexpose » Version: 6.6.129

cpe:2.3:a:rapid7:nexpose:6.6.129
Rapid7 » Nexpose » Version: 6.6.130

cpe:2.3:a:rapid7:nexpose:6.6.130
Rapid7 » Nexpose » Version: 6.6.131

cpe:2.3:a:rapid7:nexpose:6.6.131
Rapid7 » Nexpose » Version: 6.6.132

cpe:2.3:a:rapid7:nexpose:6.6.132
Rapid7 » Nexpose » Version: 6.6.133

cpe:2.3:a:rapid7:nexpose:6.6.133
Rapid7 » Nexpose » Version: 6.6.134

cpe:2.3:a:rapid7:nexpose:6.6.134
Rapid7 » Nexpose » Version: 6.6.135

cpe:2.3:a:rapid7:nexpose:6.6.135
Rapid7 » Nexpose » Version: 6.6.136

cpe:2.3:a:rapid7:nexpose:6.6.136
Rapid7 » Nexpose » Version: 6.6.137

cpe:2.3:a:rapid7:nexpose:6.6.137
Rapid7 » Nexpose » Version: 6.6.138

cpe:2.3:a:rapid7:nexpose:6.6.138
Rapid7 » Nexpose » Version: 6.6.139

cpe:2.3:a:rapid7:nexpose:6.6.139
Rapid7 » Nexpose » Version: 6.6.140

cpe:2.3:a:rapid7:nexpose:6.6.140
Rapid7 » Nexpose » Version: 6.6.141

cpe:2.3:a:rapid7:nexpose:6.6.141
Rapid7 » Nexpose » Version: 6.6.142

cpe:2.3:a:rapid7:nexpose:6.6.142
Rapid7 » Nexpose » Version: 6.6.143

cpe:2.3:a:rapid7:nexpose:6.6.143
Rapid7 » Nexpose » Version: 6.6.144

cpe:2.3:a:rapid7:nexpose:6.6.144
Rapid7 » Nexpose » Version: 6.6.145

cpe:2.3:a:rapid7:nexpose:6.6.145
Rapid7 » Nexpose » Version: 6.6.146

cpe:2.3:a:rapid7:nexpose:6.6.146
Rapid7 » Nexpose » Version: 6.6.147

cpe:2.3:a:rapid7:nexpose:6.6.147
Rapid7 » Nexpose » Version: 6.6.148

cpe:2.3:a:rapid7:nexpose:6.6.148
Rapid7 » Nexpose » Version: 6.6.149

cpe:2.3:a:rapid7:nexpose:6.6.149
Rapid7 » Nexpose » Version: 6.6.150

cpe:2.3:a:rapid7:nexpose:6.6.150
Rapid7 » Nexpose » Version: 6.6.151

cpe:2.3:a:rapid7:nexpose:6.6.151
Rapid7 » Nexpose » Version: 6.6.152

cpe:2.3:a:rapid7:nexpose:6.6.152
Rapid7 » Nexpose » Version: 6.6.153

cpe:2.3:a:rapid7:nexpose:6.6.153
Rapid7 » Nexpose » Version: 6.6.154

cpe:2.3:a:rapid7:nexpose:6.6.154
Rapid7 » Nexpose » Version: 6.6.155

cpe:2.3:a:rapid7:nexpose:6.6.155
Rapid7 » Nexpose » Version: 6.6.156

cpe:2.3:a:rapid7:nexpose:6.6.156
Rapid7 » Nexpose » Version: 6.6.157

cpe:2.3:a:rapid7:nexpose:6.6.157
Rapid7 » Nexpose » Version: 6.6.158

cpe:2.3:a:rapid7:nexpose:6.6.158
Rapid7 » Nexpose » Version: 6.6.159

cpe:2.3:a:rapid7:nexpose:6.6.159
Rapid7 » Nexpose » Version: 6.6.160

cpe:2.3:a:rapid7:nexpose:6.6.160
Rapid7 » Nexpose » Version: 6.6.161

cpe:2.3:a:rapid7:nexpose:6.6.161
Rapid7 » Nexpose » Version: 6.6.162

cpe:2.3:a:rapid7:nexpose:6.6.162
Rapid7 » Nexpose » Version: 6.6.163

cpe:2.3:a:rapid7:nexpose:6.6.163
Rapid7 » Nexpose » Version: 6.6.164

cpe:2.3:a:rapid7:nexpose:6.6.164
Rapid7 » Nexpose » Version: 6.6.165

cpe:2.3:a:rapid7:nexpose:6.6.165
Rapid7 » Nexpose » Version: 6.6.166

cpe:2.3:a:rapid7:nexpose:6.6.166
Rapid7 » Nexpose » Version: 6.6.167

cpe:2.3:a:rapid7:nexpose:6.6.167
Rapid7 » Nexpose » Version: 6.6.168

cpe:2.3:a:rapid7:nexpose:6.6.168
Rapid7 » Nexpose » Version: 6.6.169

cpe:2.3:a:rapid7:nexpose:6.6.169
Rapid7 » Nexpose » Version: 6.6.170

cpe:2.3:a:rapid7:nexpose:6.6.170
Rapid7 » Nexpose » Version: 6.6.171

cpe:2.3:a:rapid7:nexpose:6.6.171
Rapid7 » Nexpose » Version: 6.6.172

cpe:2.3:a:rapid7:nexpose:6.6.172
Rapid7 » Nexpose » Version: 6.6.177

cpe:2.3:a:rapid7:nexpose:6.6.177
Rapid7 » Nexpose » Version: 6.6.82

cpe:2.3:a:rapid7:nexpose:6.6.82
Rapid7 » Nexpose » Version: 6.6.83

cpe:2.3:a:rapid7:nexpose:6.6.83
Rapid7 » Nexpose » Version: 6.6.84

cpe:2.3:a:rapid7:nexpose:6.6.84
Rapid7 » Nexpose » Version: 6.6.85

cpe:2.3:a:rapid7:nexpose:6.6.85
Rapid7 » Nexpose » Version: 6.6.86

cpe:2.3:a:rapid7:nexpose:6.6.86
Rapid7 » Nexpose » Version: 6.6.87

cpe:2.3:a:rapid7:nexpose:6.6.87
Rapid7 » Nexpose » Version: 6.6.88

cpe:2.3:a:rapid7:nexpose:6.6.88
Rapid7 » Nexpose » Version: 6.6.89

cpe:2.3:a:rapid7:nexpose:6.6.89
Rapid7 » Nexpose » Version: 6.6.90

cpe:2.3:a:rapid7:nexpose:6.6.90
Rapid7 » Nexpose » Version: 6.6.91

cpe:2.3:a:rapid7:nexpose:6.6.91
Rapid7 » Nexpose » Version: 6.6.92

cpe:2.3:a:rapid7:nexpose:6.6.92
Rapid7 » Nexpose » Version: 6.6.93

cpe:2.3:a:rapid7:nexpose:6.6.93
Rapid7 » Nexpose » Version: 6.6.94

cpe:2.3:a:rapid7:nexpose:6.6.94
Rapid7 » Nexpose » Version: 6.6.95

cpe:2.3:a:rapid7:nexpose:6.6.95
Rapid7 » Nexpose » Version: 6.6.96

cpe:2.3:a:rapid7:nexpose:6.6.96
Rapid7 » Nexpose » Version: 6.6.97

cpe:2.3:a:rapid7:nexpose:6.6.97
Rapid7 » Nexpose » Version: 6.6.98

cpe:2.3:a:rapid7:nexpose:6.6.98
Rapid7 » Nexpose » Version: 6.6.99

cpe:2.3:a:rapid7:nexpose:6.6.99

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3913

Products

Pricing

Contact Us