DLL Preloading Vulnerability in Rapid7 Nexpose Installers
CVE-2017-5232

7.8 HIGH

Key Information:

Vendor: Rapid7

Status
Vendor
CVE Published: 2 March 2017

What is CVE-2017-5232?

All editions of the Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability: the installer can load a malicious DLL from its current working directory. If the environment is compromised, this can expose the system to unauthorized code execution and other malicious activity.

Affected Version(s)

Nexpose: all versions prior to version 6.4.24

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved