CVE-2019-5631 Information

Description

The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the ‘prunsrv.exe’ component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges to the privilege level of InsightAppSec (usually SYSTEM). This issue affects version 2019.06.24 and prior versions of the product.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://help.rapid7.com/insightappsec/release-notes/archive/2019/07/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
