Learn about CVE-2019-5640 affecting Rapid7 Nexpose versions prior to 6.6.114. Discover the impact, affected systems, exploitation details, and mitigation steps.
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue that allows attackers to access user data after logout.
Understanding CVE-2019-5640
This CVE involves an information disclosure vulnerability in Rapid7 Nexpose versions older than 6.6.114, potentially exposing sensitive data.
What is CVE-2019-5640?
Rapid7 Nexpose versions before 6.6.114 have a flaw that enables attackers to view details from the last webpage visited by a user after their session ends due to inactivity.
The Impact of CVE-2019-5640
The vulnerability is rated low severity, with a CVSS base score of 3.3. An attacker with local access to the browser can exploit it to view limited information belonging to the previous user.
Technical Details of CVE-2019-5640
This section delves into the specifics of the vulnerability.
Vulnerability Description
After an inactivity timeout, the application only places a login panel over the still-rendered page. An attacker with access to the browser can remove that panel with the browser's inspect-element developer tool and read the details of the previous user's last visited webpage.
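As an added illustration (not Rapid7's code), the following models the weak timeout handling the description implies, an overlay on top of the still-rendered page, beside a hardened handler that clears the page and navigates to the login screen. The `document` stand-in and its field names are constructed for the example so it runs under Node as well as in a browser.

```javascript
// Added example, not Rapid7 code: two ways a web UI can react to an
// inactivity timeout. The weak variant (the pattern this CVE describes)
// only overlays a login panel, so the previous user's page stays in the
// DOM. The hardened variant clears that content, drops client-side state
// and navigates to the login page. A tiny stand-in for `document` is used
// so the code runs outside a browser.

function makeDocument(sensitiveHtml) {
  return {
    body: { innerHTML: sensitiveHtml },                    // rendered page
    overlays: [],                                          // panels on top
    sessionState: { lastPage: '/app/report', rows: 42 },   // cached UI state
    location: { href: '/app/report' },
  };
}

// Weak: the page is merely hidden behind a panel. Deleting that panel node
// in the browser's developer tools reveals the content underneath.
function weakInactivityLogout(doc) {
  doc.overlays.push('<div id="login-panel">Session expired, please log in</div>');
  return doc;
}

// Hardened: nothing sensitive survives the timeout on the client side.
function hardenedInactivityLogout(doc) {
  doc.body.innerHTML = '';                      // remove rendered content
  doc.sessionState = null;                      // drop cached data held in memory
  doc.overlays = [];                            // no overlay: we leave the page
  doc.location.href = '/login?reason=timeout';  // full navigation to login
  return doc;
}

// Defender's check: what remains visible once any overlay is stripped away.
function visibleContentWithoutOverlay(doc) {
  doc.overlays = [];
  return doc.body.innerHTML;
}
```

Run the check after each handler: the weak handler leaves the original markup readable, the hardened one leaves an empty body and a login URL.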
Affected Systems and Versions
Rapid7 Nexpose versions prior to 6.6.114 are affected.
Exploitation Mechanism
Mitigation and Prevention
Protecting systems from this vulnerability is crucial for maintaining security.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Upgrade Rapid7 Nexpose to version 6.6.114 or later, the first version no longer affected by this issue.