CVE-2022-0237: 
Rapid7 Insight Cloud Agent vulnerability analysis and mitigation

CVE-2022-0237 is a privilege escalation vulnerability affecting Rapid7 Insight Agent versions 3.1.2.38 and earlier. The vulnerability was discovered and reported to Rapid7 by Ryan Schachtschneider, and was disclosed on January 21, 2022. The vulnerability affects the ir_agent.exe component of the Rapid7 Insight Agent software (Rapid7 DB).

The vulnerability stems from an unquoted argument to the runas.exe command used by the ir_agent.exe component. When the Insight Agent makes calls using the Windows 'runas' command with single quotes instead of double quotes, particularly for paths containing spaces, it creates a security weakness. The vulnerability has been assigned a CVSS score of 7.0, indicating high severity (Rapid7 DB).

If exploited, this vulnerability allows an attacker to hijack the flow of execution, resulting in elevated rights and persistent access to the machine. Since the process runs with SYSTEM privileges, any malicious code executed through this vulnerability would inherit these high-level privileges (Rapid7 Release Notes).

The vulnerability was fixed in Rapid7 Insight Agent version 3.1.3.80, released on February 25, 2022. The fix involves properly implementing double-quoted paths when using the Windows runas command. Organizations using affected versions should upgrade to version 3.1.3.80 or later (Rapid7 Release Notes).