PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5232 Rapid7 CVE debrief

CVE-2017-5232 is a DLL preloading (untrusted search path) weakness in Rapid7 Nexpose installers prior to version 6.4.24. If the installer is launched from a directory that contains a malicious DLL whose name matches one the installer tries to load, Windows resolves that file from the installer's own directory and the installer executes its code inside the installer process. The issue was publicly disclosed on 2017-03-02 and carries a CVSS 3.0 score of 7.8 (High), because a successful attack affects confidentiality, integrity, and availability.

Vendor
Rapid7
Product
Rapid7 Nexpose (installer)
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-03-02
Original CVE updated
2026-05-13
Advisory published
2017-03-02
Advisory updated
2026-05-13

Who should care

Security teams, Windows administrators, and endpoint or software deployment teams that run Rapid7 Nexpose installers should care most. Risk is highest where installers are launched from writable or user-controlled locations (user download folders, shared temp paths, broadly writable file shares), or where deployment tooling does not control the installer's working directory.

Technical summary

NVD classifies the weakness as CWE-426 (Untrusted Search Path). On Windows, a DLL requested by name rather than by full path is resolved by walking a search order that begins with the directory the executable was loaded from, so an installer that loads a DLL this way picks up a same-named file planted beside it before any system copy (KnownDLLs, which are always taken from System32, are the exception). The affected product range is Rapid7 Nexpose versions up to and including 6.4.23, with 6.4.24 identified as the fixed release in the provided vendor context. The CVSS 3.0 vector behind the 7.8 score indicates a local attack vector, low attack complexity, no privileges required, user interaction required (someone has to run the installer), and high confidentiality, integrity, and availability impact if a malicious DLL is loaded during installation.

Defensive priority

High for any environment still using affected installer versions or re-running archived installers. This is a pre-installation execution risk, so it should be addressed before software deployment activities continue.

Recommended defensive actions

  • Upgrade Rapid7 Nexpose installers and deployment media to version 6.4.24 or later.
  • Do not run installers from writable or shared directories (user download folders, shared temp paths, broadly writable file shares); copy them to a trusted staging path that only administrators can write to.
  • Review deployment scripts and packaging workflows so that the installer's working directory cannot be influenced by untrusted users.
  • Restrict write access on systems used to stage or launch installers.
  • Verify installer integrity (checksum or code signature) against vendor sources before use, and remove outdated installer copies from internal repositories.
  • Inventory any remaining Nexpose installer artifacts that predate 6.4.24 and replace them with fixed versions.
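The following PowerShell is an added example of the staging hygiene described in the list above and of the CWE-426 condition from the technical summary; it is not Rapid7's code and not part of the original advisory. It creates a fresh staging directory writable only by SYSTEM and Administrators, copies the installer in, checks its SHA-256 against a value the operator supplies, refuses to run if anything else sits beside the installer, and launches it with the locked directory as the working directory. The staging path, source location, and expected hash are assumptions.

```powershell
# Added example (not Rapid7 code): stage an installer in a freshly created
# directory that only SYSTEM and Administrators can write to, verify its
# SHA-256 against a hash supplied by the operator, and refuse to launch it
# if any other file sits next to it. All paths and the hash are assumptions.

$ErrorActionPreference = 'Stop'

function New-LockedStagingDirectory {
    param([Parameter(Mandatory)][string] $Path)

    # Recreate the directory so nothing planted there earlier survives.
    if (Test-Path -LiteralPath $Path) {
        Remove-Item -LiteralPath $Path -Recurse -Force
    }
    $dir = New-Item -ItemType Directory -Path $Path

    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting; drop inherited ACEs
    foreach ($rule in @($acl.Access)) {           # drop any explicit ACEs that remain
        $acl.RemoveAccessRuleAll($rule)
    }
    foreach ($principal in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
            $principal, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'))
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
    return $dir
}

function Test-InstallerHash {
    param([Parameter(Mandatory)][string] $Path,
          [Parameter(Mandatory)][string] $ExpectedSha256)
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return ($actual -ieq $ExpectedSha256)
}

function Get-UnexpectedNeighbors {
    # The directory the installer is loaded from is the first place the
    # loader looks for a DLL requested by name (the CWE-426 condition), so
    # any item beside the installer is a reason to stop, DLLs above all.
    param([Parameter(Mandatory)][string] $InstallerPath)
    $dir = Split-Path -LiteralPath $InstallerPath -Parent
    Get-ChildItem -LiteralPath $dir -Force |
        Where-Object { $_.FullName -ne $InstallerPath }
}

function Invoke-StagedInstaller {
    param(
        [Parameter(Mandatory)][string] $InstallerSource,  # trusted copy of the fixed installer (assumed location)
        [Parameter(Mandatory)][string] $ExpectedSha256,   # checksum obtained from the vendor (assumed value)
        [string] $StagingRoot = 'C:\Staging\Nexpose',     # assumed local path
        [string[]] $InstallerArgs = @()
    )
    $dir  = New-LockedStagingDirectory -Path $StagingRoot
    $dest = Join-Path $dir.FullName (Split-Path -LiteralPath $InstallerSource -Leaf)
    Copy-Item -LiteralPath $InstallerSource -Destination $dest

    if (-not (Test-InstallerHash -Path $dest -ExpectedSha256 $ExpectedSha256)) {
        Remove-Item -LiteralPath $dest -Force
        throw "SHA-256 mismatch for $dest; installer not run."
    }
    $stray = @(Get-UnexpectedNeighbors -InstallerPath $dest)
    if ($stray.Count -gt 0) {
        throw "Unexpected item(s) beside installer: $($stray.Name -join ', '); installer not run."
    }

    # Launch with the locked directory as the working directory so that
    # neither the application directory nor the current directory can be
    # pointed at a location an untrusted user controls.
    $startArgs = @{ FilePath = $dest; WorkingDirectory = $dir.FullName; Wait = $true; PassThru = $true }
    if ($InstallerArgs.Count -gt 0) { $startArgs.ArgumentList = $InstallerArgs }
    $proc = Start-Process @startArgs
    return $proc.ExitCode
}

# Usage (assumed values):
# Invoke-StagedInstaller -InstallerSource '\\fileserver\software\NexposeSetup.exe' `
#     -ExpectedSha256 '<checksum obtained from the vendor>'
```

Run this from an elevated session, since both the ACL change and the installer itself need administrator rights. The check on neighbouring files is deliberately blunt: the page does not say which DLL names the installer resolves, so the script does not try to whitelist by name and instead requires an empty directory. This is defence in depth for environments that still launch archived installers; the actual fix remains moving to the 6.4.24 or later installer.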

Evidence notes

The supplied NVD record lists affected Nexpose versions through 6.4.23 and maps the issue to CWE-426. The Rapid7 vendor advisory referenced in NVD provides mitigation context, and the CVE publication date supplied is 2017-03-02. No KEV entry was provided in the supplied enrichment.

Official resources

The CVE was published on 2017-03-02. The supplied records also show an NVD record modification dated 2026-05-13; that is a metadata update, not the disclosure or vulnerability date.