Unquoted Search Path Vulnerability in Rapid7 Nexpose Installer

Unquoted Search Path Vulnerability in Rapid7 Nexpose Installer

CVE-2020-7382 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40.

Learn more about our Api Penetration Testing.