cvedb.io
CVE-2022-0237
MEDIUM · CVSS 4
EPSS exploitation probability: 0%
Published 2022-03-17T23:15:07.523 · Last modified 2026-06-17T04:20:12.410

Summary

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.

Affected products

rapid7 — insight_agent

Does this affect you?

Add your gear to cvedb and we'll alert you only when rapid7 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.