Description

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.

Severity (CVSS)

Base score6
SeverityMedium
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Provided byCNA

Weaknesses

  • CWE-78 — CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

VendorProductVersions
Rapid7InsightConnect Tcpdump Plugin0 to <2.0.0; 2.0.0

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 25 Jun 2026 10:14 UTC.