PT-2019-17791 · Rapid7 · Insightappsec
Published 2019-08-19 · Updated 2023-03-29 · CVE-2019-5631
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Rapid7 InsightAppSec versions 2019.06.24 and prior
Description
The 'prunsrv.exe' component contains a DLL injection vulnerability. A local user who is already authenticated to the operating system can exploit it to elevate their privileges to those of InsightAppSec, usually SYSTEM.
Recommendations
Update to a version later than 2019.06.24 to resolve the issue. As a temporary workaround, consider restricting access to the 'prunsrv.exe' component to minimize the risk of exploitation.
Fix
Untrusted Search Path
Uncontrolled Search Path Element
Related Identifiers
Affected Products
Insightappsec