CVE-2020-7382

{"id": "CVE-2020-7382", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.6}, {"type": "Secondary", "source": "cve@rapid7.con", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.2}]}, "published": "2020-09-03T14:15:11.103", "references": [{"url": "https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.40", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@rapid7.con"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-428"}]}, {"type": "Secondary", "source": "cve@rapid7.con", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40."}, {"lang": "es", "value": "El instalador de Rapid7 Nexpose versiones anteriores a 6.6.40, contiene una Ruta de B\u00fasqueda Sin Comillas que puede permitir a un atacante en la m\u00e1quina local insertar un archivo arbitrario en la ruta ejecutable. Este problema afecta a: Rapid7 Nexpose versiones anteriores a 6.6.40"}], "lastModified": "2020-09-11T15:49:04.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3F6D1B0-EBA8-49AF-85E7-5D38810610F3", "versionEndExcluding": "6.6.40"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.con"}