What is CVE-2019-5629?

CVE-2019-5629 is a high-severity vulnerability in Rapid7 Insight Agent, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2019-07-13.

How severe is CVE-2019-5629?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Rapid7 Insight Agent

CVE-2019-5629

Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python interpreter attempts to load python3.dll a…

EPSS: 0.001 (30.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Rapid7 Insight Agent — versions 2.6.3 and prior

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

20190603 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation (mailing-list, x_refsource_BUGTRAQ)
packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-L… (x_refsource_MISC)
20190611 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation (mailing-list, x_refsource_FULLDISC)
help.rapid7.com/insightagent/release-notes/archive/2019/05/ (x_refsource_CONFIRM)
bogner.sh/2019/06/local-privilege-escalation-in-rapid7s-windows-insight-idr-age… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-5629?: CVE-2019-5629 is a high-severity vulnerability in Rapid7 Insight Agent, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2019-07-13.
How severe is CVE-2019-5629?: High severity. CVSS v3 base score is 7.8 out of 10.