CVE-2020-7382: Unquoted Path in Rapid7 Nexpose Installer
First published: Thu Sep 03 2020(Updated: )
Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40.
Credit: cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rapid7 Nexpose | <6.6.40 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-7382?
CVE-2020-7382 is a vulnerability in Rapid7 Nexpose installer versions prior to 6.6.40 that contains an unquoted search path, allowing an attacker to insert an arbitrary file into the executable path.
How does CVE-2020-7382 affect Rapid7 Nexpose?
CVE-2020-7382 affects Rapid7 Nexpose versions prior to 6.6.40.
What is the severity of CVE-2020-7382?
The severity of CVE-2020-7382 is medium with a severity value of 6.5.
How can an attacker exploit CVE-2020-7382?
An attacker on the local machine can exploit CVE-2020-7382 by inserting an arbitrary file into the executable path.
How can I fix CVE-2020-7382?
To fix CVE-2020-7382, update Rapid7 Nexpose installer to version 6.6.40 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/references
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/rapid7
- canonical/rapid7 nexpose