CVE-2019-5631 Vulnerability Details

  /     /     /  

CVE-2019-5631 Metadata Quick Info

CVE Published: 19/08/2019 | CVE Updated: 16/09/2024 | CVE Year: 2019
Source: rapid7 | Vendor: Rapid7 | Product: InsightAppSec
Status : PUBLISHED

---

CVE-2019-5631 Description

The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the \'prunsrv.exe\' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-427
CWE Name: CWE-427: Uncontrolled Search Path Element
Source: Rapid7

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).