PT-2024-37675 · Rapid7 · Rapid7 Insightvm Console

Published: 2024-07-18 · Updated: 2025-09-05 · CVE-2024-6504

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Rapid7 InsightVM Console versions prior to 6.6.261

Description: The issue is related to a protection mechanism failure, where an attacker with network access can cause the console to overload or crash by sending repeated invalid REST requests to the Console's port 443, leading to an exception handling logging loop that exhausts the CPU. There is no indication that this method can be used to escalate privilege, acquire unauthorized access to data, or gain control of protected resources.

Recommendations: For versions prior to 6.6.261, update to version 6.6.261 to resolve the issue. As a temporary workaround, consider restricting access to port 443 to minimize the risk of exploitation.

Fix

Protection Mechanism Failure

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers: CVE-2024-6504

Affected Products: Rapid7 Insightvm Console