CVE-2019-5629: 
Rapid7 Insight Cloud Agent vulnerability analysis and mitigation

CVE-2019-5629 is a local privilege escalation vulnerability discovered in Rapid7's Insight Agent Windows Client versions prior to 2.6.5.8. The vulnerability was discovered on May 22, 2019, and was publicly disclosed on June 3, 2019. The affected software is Rapid7's InsightIDR agent, which is a security tool for incident detection and response, authentication monitoring, and endpoint visibility (Rapid7 Blog).

The vulnerability exists in the ir_agent Windows Service, which runs with SYSTEM privileges and automatically starts on system boot. The service attempts to load a DLL at 'C:\DLLs\python3.dll,' which normally is writable by locally authenticated users. This DLL loading behavior creates a path for privilege escalation. The vulnerability has a CVSS score of 7.0, indicating high severity with local access requirements (Rapid7 DB).

When exploited, this vulnerability allows any local user to gain full control over the affected system, effectively elevating their privileges to SYSTEM level access. This means an attacker could perform administrative actions, including creating new administrative users and executing commands with the highest system privileges (Security Blog).

The vulnerability has been fixed in Rapid7 Insight Agent version 2.6.5.8. Users are advised to update to this version or later to mitigate the vulnerability. The fix was released on May 29, 2019, shortly after the vulnerability was reported (Rapid7 DB).