Vulnerabilities > Rapid7 > Insight Agent > High

DATE CVE VULNERABILITY TITLE RISK
2023-04-26 CVE-2023-2273 Path Traversal vulnerability in Rapid7 Insight Agent
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path.
network
low complexity
rapid7 CWE-22
7.5
2022-03-17 CVE-2022-0237 Unquoted Search Path or Element vulnerability in Rapid7 Insight Agent
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine.
local
low complexity
rapid7 CWE-428
7.8
2021-12-14 CVE-2021-4007 Uncontrolled Search Path Element vulnerability in Rapid7 Insight Agent
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path.
local
low complexity
rapid7 CWE-427
7.8
2019-07-13 CVE-2019-5629 Uncontrolled Search Path Element vulnerability in Rapid7 Insight Agent
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path.
local
low complexity
rapid7 CWE-427
7.8