Rapid7 Insight Agent: CVE-2017-5252: Insight Agent on Windows is vulnerable to loading malicious libraries placed in its dependency search path
Description
Insight Agent on Windows systems searches for local dependencies in several locations, including in directories in the system PATH variable. As this can include arbitrary directories, and the Agent doesn't specify the directories to search, an attacker with local admin access could place a (potentially malicious) DLL in a directory in that path, causing the Agent to load that library.
Solution(s)
- rapid7-insightagent-1_4_68-kb2533623
- rapid7-insightagent-1_4_68
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center