PatchSiren

CVE-2017-5234 Rapid7 CVE debrief

CVE-2017-5234 affects Rapid7 Insight Collector installers prior to 1.0.16. The NVD record states that the installer may load a malicious DLL from its current working directory, which can lead to code execution when a user runs the installer. NVD rates the issue HIGH with CVSS 7.8, and the CVE was published on 2017-03-02.

Vendor: Rapid7
Product: CVE-2017-5234
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-02
Original CVE updated: 2026-05-13
Advisory published: 2017-03-02
Advisory updated: 2026-05-13

Who should care

Administrators, endpoint security teams, and anyone deploying or running Rapid7 Insight Collector installers version 1.0.15 or earlier should treat this as relevant, especially if installers may be launched from writable or untrusted directories.

Technical summary

NVD maps CVE-2017-5234 to CWE-426 and assigns CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerable installer can resolve a DLL from the current working directory, so a malicious library placed alongside the installer may be loaded during installation. The supplied NVD references point to a Rapid7 vendor advisory and a third-party advisory entry; the corpus indicates mitigation by moving to version 1.0.16 or later.

Defensive priority

High. The impact is severe, but exploitation requires a local installer launch and user interaction. Prioritize upgrading affected systems and controlling where the installer is run.

Recommended defensive actions

  • Upgrade Rapid7 Insight Collector to version 1.0.16 or later.
  • Do not run the installer from directories that contain untrusted or attacker-writable files.
  • Use a trusted, controlled staging directory for installer execution.
  • Remove suspicious DLLs from the working directory before launching the installer.
  • Obtain installers only from Rapid7-approved sources and restrict who can place files in installation paths.
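
The staging and working-directory checks above can be scripted. The following is an added example, not code from Rapid7 or from the NVD record: it lists DLLs sitting beside an installer, optionally verifies a SHA-256 you supply, and copies the installer alone into a fresh directory to run it from. The function names, the staging prefix and the choice of ".dll" as the only suffix checked are assumptions of this example.

```python
import hashlib
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import List, Optional

LIBRARY_SUFFIXES = {".dll"}  # assumption: only DLLs are of interest here


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_sideload_candidates(installer: Path) -> List[Path]:
    """Libraries sitting beside the installer, where CWD-based loading would find them."""
    folder = installer.resolve().parent
    return sorted(p for p in folder.iterdir()
                  if p.is_file() and p.suffix.lower() in LIBRARY_SUFFIXES)


def stage_installer(installer: Path, expected_sha256: Optional[str] = None,
                    staging_root: Optional[Path] = None) -> Path:
    """Copy only the installer into a new, empty directory and return the staged path."""
    if expected_sha256 and sha256_of(installer) != expected_sha256.lower():
        raise ValueError("installer hash does not match the expected value")
    # staging_root should be a directory only administrators can write to (assumption).
    staging = Path(tempfile.mkdtemp(prefix="installer-stage-", dir=staging_root))
    staged = Path(shutil.copy2(installer, staging / installer.name))
    if find_sideload_candidates(staged):  # must be empty in a fresh directory
        raise RuntimeError("staging directory is not clean")
    return staged


def run_staged(staged: Path) -> int:
    """Launch the installer with its working directory set to the clean staging folder."""
    return subprocess.run([str(staged)], cwd=str(staged.parent), check=False).returncode


if __name__ == "__main__":
    import sys
    source = Path(sys.argv[1])  # path to the downloaded installer
    for dll in find_sideload_candidates(source):
        print("library beside installer, review before running:", dll)
    print("staged copy:", stage_installer(source))
```

This reduces exposure when an affected installer must be run; it does not replace upgrading to 1.0.16 or later.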

Evidence notes

The supplied NVD metadata says Rapid7 Insight Collector installers through 1.0.15 are affected and maps the issue to CWE-426. NVD also references the Rapid7 community advisory and a SecurityFocus entry. The record was published on 2017-03-02 and later modified on 2026-05-13; those dates describe record timing, not a new vulnerability date.

Official resources

Publicly disclosed in the CVE record on 2017-03-02; the NVD record was later modified on 2026-05-13.