CVE-2022-0237— Rapid7 Insight Agent Privilege Escalation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-0237
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rapid7 Insight Agent Privilege Escalation
Source: NVD (National Vulnerability Database)
Vulnerability Description
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
权限、特权和访问控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rapid7 Insight Agent 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rapid7 Insight Agent是美国Rapid7公司的一款轻量级软件。该软件能够从IT资产中收集数据。 Rapid7 Insight Agent 3.1.2.38版本及之前版本 存在安全漏洞,该漏洞源于Rapid7 Insight Agent 3.1.2.38版本及之前版本在使用 runas.exe 时没有正确双引号。该漏洞允许攻击者提升权限和对计算机的持久访问。Rapid7 Insight Agent 3.1.3.80版本修复了此问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rapid7 | Insight Agent | 3.1.2.38 ~ 3.1.2.38 | - |
II. Public POCs for CVE-2022-0237
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-0237
请登录查看更多情报信息。
- https://gist.github.com/n2dez/05d43c616f2b403e84ee55d4d7aab251x_refsource_MISC
- https://docs.rapid7.com/release-notes/insightagent/20220225/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2022-0237
Same Patch Batch · Rapid7 · 2022-03-17 · 3 CVEs total
| CVE-2022-0757 | 5.5 MEDIUM | Rapid7 Nexpose SQL Injection |
| CVE-2022-0758 | 3.3 LOW | Rapid7 Nexpose Reflected XSS |
IV. Related Vulnerabilities
Same product: Insight Agent
- CVE-2026-6482
Local Privilege Escalation via OpenSSL configuration file in - CVE-2026-4482
Insight Agent Private Key Information Disclosure via Inherit - CVE-2026-4837
Eval Injection in Rapid7 Insight Agent - CVE-2024-3185
Rapid7 Insight Agent Sensitive Key Exposed To Local Users - CVE-2023-2273
Rapid7 Insight Agent Directory Traversal
Same vendor: Rapid7
- CVE-2026-6863
HTTP Filestore Endpoints Misapply Permissions Across Organiz - CVE-2026-6948
Unbounded Memory Allocation in VQLResponse Result-Set Writer - CVE-2026-6482
Local Privilege Escalation via OpenSSL configuration file in - CVE-2026-6290
Velociraptor Query() Plugin Misapplies Permissions To Orgs - CVE-2026-4482
Insight Agent Private Key Information Disclosure via Inherit
V. Comments for CVE-2022-0237
No comments yet