CVE-2021-4007: 
Rapid7 Insight Cloud Agent vulnerability analysis and mitigation

Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, contained a local privilege escalation vulnerability due to an uncontrolled DLL search path. The vulnerability was discovered in December 2021 and was assigned CVE-2021-4007. This issue was a regression of a previous vulnerability (CVE-2019-5629) and was fixed in Rapid7 Insight Agent version 3.1.2.35 (NVD, Release Notes).

The vulnerability stems from an uncontrolled DLL search path issue. When Insight Agent starts, the Python interpreter attempts to load python3.dll at 'C:\DLLs\python3.dll,' which is typically writable by locally authenticated users. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements but high impact potential. The weakness is categorized as CWE-427 (Uncontrolled Search Path Element) (NVD).

If exploited, this vulnerability allows a malicious local user to leverage Insight Agent's startup conditions to elevate their privileges to SYSTEM level, effectively gaining complete control over the affected system (NVD).

The vulnerability was addressed in Rapid7 Insight Agent version 3.1.2.35. Users should upgrade to this version or later to mitigate the risk (Release Notes).

Credit for discovering and reporting this vulnerability was given to security researcher Dawson Medin (Release Notes).