Insight Agent OpenSSL Vuln. Detected by MDE/Defender

This might be helpful / insightful for some, so I’ll share…

Defender XDR portal (MDE agent) detected OpenSSL vuln. CVE-2024-12797 and CVE-2024-13176 with all our installed Rapid7 Insight agents ver. 4.0.17. The path proof provided was ‘c:\program files\rapid7\insight agent\components\insight_agent\4.0.17.21\lib\libcrypto-3-x64.dll’

However, InsightVM did not report this.

After confirming with R7 support:

Our Insight Agent (latest agent version using OpenSSL version 3.4.0.0) are not vulnerable to these CVEs:
CVE-2024-12797 - Medium The Insight Agent and the Rapid7 servers do not use Raw Public Keys (RPKs) at all and therefore has no real vulnerability from this CVE.
CVE-2024-13176 - Low The Insight Agent does not use ECDSA signature computations.

2 Likes