CVE-2021-4007

HIGH

Rapid7 Insight Agent <3.1.2.34 - Privilege Escalation

Title source: llm

Description

Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at "C:\DLLs\python3.dll," which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629.

References (2)

[Third Party Advisory] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629

[Release Notes, Third Party Advisory] https://docs.rapid7.com/release-notes/insightagent/20211210/

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 12.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

rapid7/insight_agent < 3.1.2.35

Timeline

Published Dec 14, 2021

Tracked Since Feb 18, 2026