Description
OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction.
Severity (CVSS)
| Base score | 6 |
|---|---|
| Severity | Medium |
| Version | CVSS 3.1 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L |
| Provided by | CNA |
Weaknesses
- CWE-78 — CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected products
| Vendor | Product | Versions |
|---|---|---|
| Rapid7 | InsightConnect Tcpdump Plugin | 0 to <2.0.0; 2.0.0 |
References
- https://extensions.rapid7.com/extension/tcpdump (vendor-advisory)
Generated from the official CVE List on 25 Jun 2026 10:14 UTC.