CVE-2019-5631
Summary
| CVE | CVE-2019-5631 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-08-19 15:15:00 UTC |
| Updated | 2023-03-29 16:22:00 UTC |
| Description | The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product. |
Risk And Classification
Problem Types: CWE-426
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rapid7 | Insightappsec | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| InsightAppSec Release Notes Archive - July 2019 | CONFIRM | help.rapid7.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: This issue was discovered, and reported to Rapid7, by security researcher Maciej Oszutowski. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
There are currently no legacy QID mappings associated with this CVE.