CVE-2020-7382

Published: Sep 3, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.6 / Impact: 5.9

Source: NVD

Description

Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40.

Affected (1)

Products: Rapid7: Nexpose

Rapid7

1 product

Nexpose

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rapid7 Nexpose	Before 6.6.40

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (2)

https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40

Source: cve@rapid7.com

Release NotesVendor Advisory

https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.