Platform
other
Component
rapid7-insightvm
Fixed in
6.5.50
6.5.11*
CVE-2019-5615 affects Rapid7 InsightVM versions 6.5.11 through 6.5.49. This vulnerability allows users with Site-level permissions to access files containing sensitive information, including username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. While decryption and privilege escalation require additional steps, the exposure of these credentials poses a significant security risk. A fix is available in version 6.5.50.
The primary impact of CVE-2019-5615 is the potential exposure of highly sensitive credentials. An attacker with Site-level permissions within Rapid7 InsightVM could gain access to files containing encrypted administrator passwords and backup restoration passwords. While these passwords are encrypted, the presence of the salt alongside the encrypted passwords significantly reduces the difficulty of decryption. Successful decryption would allow an attacker to impersonate administrators, potentially gaining full control over the InsightVM environment. This could lead to unauthorized access to sensitive data, modification of security policies, and disruption of security operations. The blast radius extends to any data protected by the compromised administrator accounts.
CVE-2019-5615 was publicly disclosed on April 9, 2019. There is no indication of active exploitation campaigns targeting this vulnerability. The CVSS score is LOW, suggesting a relatively low probability of exploitation in the wild. No public proof-of-concept (PoC) code has been released. It was not added to the CISA KEV catalog.
Organizations utilizing Rapid7 InsightVM versions 6.5.11 through 6.5.49 are at risk, particularly those with a large number of users granted Site-level permissions. Shared hosting environments or deployments with less stringent access controls may be more vulnerable.
disclosure
Exploit status
EPSS
0.30% (53rd percentile)
CVSS vector
The primary mitigation for CVE-2019-5615 is to upgrade Rapid7 InsightVM to version 6.5.50 or later. Prior to upgrading, it is highly recommended to create a full backup of the InsightVM system to facilitate rollback if necessary. Review Site-level permissions and restrict access to only those users who require it. Consider implementing multi-factor authentication (MFA) for all administrator accounts to add an extra layer of security even if credentials are compromised. After upgrading, confirm the fix by verifying that the sensitive files containing the passwords and salts are no longer accessible to Site-level users.
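The first step of the mitigation above is establishing which consoles fall inside the affected range. The following is an added example (not Rapid7's code or part of the advisory) that encodes the version boundaries stated on this page, 6.5.11 through 6.5.49 affected and 6.5.50 fixed, as numeric tuples so that comparisons are done per component rather than as strings (a string comparison would wrongly rank "6.5.9" above "6.5.49"). The hostnames in the inventory are constructed placeholders.

```python
"""Classify Rapid7 InsightVM console versions against the CVE-2019-5615 range.

Version boundaries come from the advisory text on this page; the inventory
below is a constructed sample, not real hosts.
"""
from typing import List, Tuple

# Affected range and fix version as stated in the advisory.
AFFECTED_FIRST: Tuple[int, ...] = (6, 5, 11)
AFFECTED_LAST: Tuple[int, ...] = (6, 5, 49)
FIXED_IN: Tuple[int, ...] = (6, 5, 50)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version string such as '6.5.50' into a tuple of ints.

    Raises ValueError for anything that is not purely dotted integers, so a
    malformed inventory entry is flagged instead of silently misclassified.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return 'affected', 'fixed', or 'outside affected range' for one version."""
    v = parse_version(version)
    # Tuple comparison is lexicographic per numeric component, so shorter
    # versions like (6, 6) still compare correctly against (6, 5, 50).
    if AFFECTED_FIRST <= v <= AFFECTED_LAST:
        return "affected"
    if v >= FIXED_IN:
        return "fixed"
    return "outside affected range"


# Constructed sample inventory: (hostname, reported console version).
INVENTORY: List[Tuple[str, str]] = [
    ("console-a.example.internal", "6.5.11"),
    ("console-b.example.internal", "6.5.49"),
    ("console-c.example.internal", "6.5.50"),
    ("console-d.example.internal", "6.5.10"),
]


def consoles_needing_upgrade(inventory: List[Tuple[str, str]]) -> List[str]:
    """List hosts whose version is inside the affected range."""
    return [host for host, ver in inventory if assess(ver) == "affected"]


if __name__ == "__main__":
    for host, ver in INVENTORY:
        print(f"{host:30} {ver:8} {assess(ver)}")
    print("needs upgrade:", consoles_needing_upgrade(INVENTORY))
```

The classification deliberately distinguishes "fixed" from "outside affected range" so that a console running something older than 6.5.11 is reported separately rather than being lumped in with patched systems.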
Update Rapid7 InsightVM to version 6.5.50 or later. This update fixes the exposure of stored credentials. Further details can be found in the 6.5.50 release notes on the Rapid7 website.
CVE-2019-5615 is a vulnerability in Rapid7 InsightVM versions 6.5.11 through 6.5.49 that allows Site-level users to access files containing encrypted Global Administrator passwords, backup restoration passwords, and the salt for those passwords.
If you are running Rapid7 InsightVM version 6.5.11 through 6.5.49, you are potentially affected by this vulnerability.
Upgrade Rapid7 InsightVM to version 6.5.50 or later to remediate this vulnerability. Back up your system before upgrading.
There is currently no evidence of active exploitation of CVE-2019-5615.
Refer to the Rapid7 security advisory for detailed information and mitigation steps: https://www.rapid7.com/blog/post/2019-04-09-insightvm-credentials-leak/