OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:LLinux Kernel
OSLinuxwszystkie wersjeRapid7 Insightconnect Ping
APPRapid7< 1.0.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References
Related vulnerabilities
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...
CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...
CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...