| |
Vulnerability CVE-2020-7382
Published: 2020-09-03
| Description: |
Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40. |
Type:
CWE-428 (Unquoted Search Path or Element)
CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.4/10 |
6.4/10 |
3.4/10 |
| Exploit range |
Attack complexity |
Authentication |
Local |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
