A vulnerability in a vulnerability scanner tool is as rare as hens’ teeth. However, researcher Mikhail Klyuchnikov of Positive Technologies achieved this rather rare feat by spotting a vulnerability in Rapid7’s Nexpose vulnerability scanner. The flaw allowed attackers to use SQL injection to obtain unauthorized access to the tool’s resources and data. The affected versions of the security console are v6.6.48 and earlier.
What are Vulnerability Scanners
Vulnerability scanners are automated tools that let IT teams check their networks, systems, and applications for security weaknesses that could expose them to attack. Vulnerability scanning is a common practice across organizations and is often mandated by industry standards and government regulations to improve an organization’s security posture.
The Vulnerability in the Vulnerability Scanner
If exploited, the vulnerability in Rapid7’s Nexpose tool could allow attackers with low system privileges to escalate them. Leveraging this, attackers could obtain unauthorized access to the tool’s internal resources and data and move laterally. The vulnerability, recorded as CVE-2020-7383, is of moderate severity with a CVSS score of 6.5. However, a lower severity score does not mean the potential damage is any smaller. The vulnerability enables attackers to perform SQL injection, which can be used to access certain data stored in the database. This data may include information on detected vulnerabilities, past scans, and policies. An attacker could also use SQL injection as part of a denial-of-service (DoS) attack on the database to disrupt the normal functioning of the web interface.
This vulnerability enables a logged-in attacker to access and modify certain database records, as well as add new ones. Only a low level of system privileges is necessary to exploit this vulnerability and obtain access to data that should not be visible to a user with that level of privileges.
– Mikhail Klyuchnikov
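To illustrate the class of bug described above, here is an added example that is not Nexpose code and does not reproduce the actual flaw: a constructed scan-findings table (assumed schema, sample rows labelled as constructed) where a low-privilege user's site filter is pasted into the SQL text, beside the parameterized version that keeps the ownership check intact.

```python
import sqlite3

# Constructed sample data; the schema is an assumption for this example
# and does not reflect the real Nexpose database.
SCHEMA = """
CREATE TABLE scans (id INTEGER, site TEXT, owner TEXT, finding TEXT);
INSERT INTO scans VALUES
  (1, 'dev-lab',  'alice', 'open telnet on 10.0.0.5'),
  (2, 'prod-dmz', 'admin', 'outdated TLS on 10.0.1.9'),
  (3, 'prod-dmz', 'admin', 'policy: CIS benchmark failed on 10.0.1.12');
"""


def _connect():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def findings_vulnerable(user, site_filter):
    """Builds the WHERE clause by string formatting. A crafted site filter
    can close the quoted literal and add its own condition, so the
    ownership check no longer restricts which rows come back."""
    con = _connect()
    sql = ("SELECT finding FROM scans WHERE owner = '%s' AND site = '%s'"
           % (user, site_filter))
    return [row[0] for row in con.execute(sql)]


def findings_fixed(user, site_filter):
    """Same query with bound parameters: the filter is always treated as
    data, never as SQL, so the ownership check cannot be bypassed."""
    con = _connect()
    sql = "SELECT finding FROM scans WHERE owner = ? AND site = ?"
    return [row[0] for row in con.execute(sql, (user, site_filter))]


if __name__ == "__main__":
    normal = "dev-lab"
    crafted = "x' OR '1'='1"   # constructed input that breaks out of the quotes
    print(findings_vulnerable("alice", normal))    # only alice's own finding
    print(findings_vulnerable("alice", crafted))   # every row, admin's included
    print(findings_fixed("alice", crafted))        # nothing: no such site name
```

The fixed variant is the mitigation; as a detection hint, the vulnerable query's log line would show quote characters and an `OR` inside what should be a plain site name.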
Given the seriousness of the issue, the Nexpose developers at Rapid7 fixed the vulnerability and released the fix to users in version 6.6.49.