Platform
windows
Component
glpi-agent
Fixed in
1.7.3
CVE-2024-28241 describes a privilege escalation vulnerability within the GLPI Agent, a generic management agent. This flaw allows a local attacker to modify the agent's code or associated DLLs, potentially leading to unauthorized privilege elevation. The vulnerability impacts versions of GLPI Agent up to and including 1.7.1. A patch is available in version 1.7.2.
This vulnerability allows a local attacker to significantly compromise a system running the GLPI Agent. By modifying the agent's code or DLLs, an attacker can execute arbitrary code with the privileges of the agent process. This could enable them to gain control over sensitive data, install malware, or even escalate their privileges to the system administrator level. The impact is particularly severe in environments where the GLPI Agent is deployed with elevated permissions to manage systems or collect data. The potential for lateral movement is high, as a compromised agent could be used as a foothold to attack other systems on the network.
CVE-2024-28241 was publicly disclosed on April 25, 2024. The vulnerability's impact is tied to local access, which may limit immediate widespread exploitation. There is no indication of this vulnerability being added to the CISA KEV catalog or active exploitation campaigns at this time. Public proof-of-concept (PoC) code is not currently available, but the potential for such development exists given the vulnerability's nature.
Organizations utilizing the GLPI Agent for system management, particularly those with deployments where the agent runs with elevated privileges, are at risk. Environments with legacy configurations or shared hosting setups where agent installations are not tightly controlled are also more vulnerable. Any system running GLPI Agent versions prior to 1.7.2 should be considered at risk.
• windows / supply-chain:
Get-Process -Name GLPIAgent | Select-Object -ExpandProperty Path
• windows / supply-chain:
Get-ItemProperty 'HKLM:\Software\GLPI Agent' -Name Version
• windows / supply-chain: Check Autoruns for unusual GLPI Agent entries.
• windows / supply-chain: Monitor Windows Defender for alerts related to GLPI Agent process modifications.
EPSS
0.04% (14th percentile)
The primary mitigation for CVE-2024-28241 is to upgrade the GLPI Agent to version 1.7.2 or later, which includes a patch addressing the vulnerability. If immediate upgrading is not feasible, a temporary workaround involves utilizing the default installation folder for the GLPI Agent. This leverages the system's built-in security mechanisms to protect the agent's files from unauthorized modification. Ensure file system permissions are appropriately configured to restrict write access to the agent's installation directory. After upgrading, verify the agent's integrity by checking the file hashes against the vendor's published checksums.
Upgrade GLPI-Agent to version 1.7.2 or later. Alternatively, install the agent in the default installation folder, since this folder is automatically protected by the system.
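To check whether an existing installation folder actually restricts write access as described above, the following added example (not from this page or from the GLPI Agent project) walks the folder and reports allow entries that grant write-type rights to anyone outside a small set of administrative principals. The default path is a placeholder, and the trusted SID list and the `Get-RiskyAce` helper name are assumptions of the example.

```powershell
# Added example (not vendor code): list ACEs under the GLPI Agent install
# folder that let non-administrative principals change agent code or DLLs.
param(
    # Assumption: placeholder path; pass the folder the agent was installed to.
    [string]$InstallDir = 'C:\PLACEHOLDER\GLPI-Agent'
)

# Principals expected to hold write access, as locale-independent SIDs.
# This allow-list is an assumption of the example; adjust to local policy.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (inherit-only template entry)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
)

# Rights that permit replacing or tampering with files in the tree.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# ACEs may carry raw generic bits instead: GENERIC_WRITE | GENERIC_ALL.
$GenericMask = 0x40000000 -bor 0x10000000

function Get-RiskyAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($TrustedSids -contains $sid) { continue }
        $bits = [int]$ace.FileSystemRights
        if ($bits -band ($WriteMask -bor $GenericMask)) {
            [pscustomobject]@{
                Path = $Path; Sid = $sid
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    throw "Install folder not found: $InstallDir"
}
$targets = @($InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force |
    ForEach-Object { $_.FullName })
$findings = @($targets | ForEach-Object { Get-RiskyAce -Path $_ })
if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize; exit 1 }
"No write-capable ACEs for untrusted principals under $InstallDir"
```

The check covers DACL entries only; it does not evaluate object ownership, so a folder owned by a non-administrative account needs a separate look.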
CVE-2024-28241 is a HIGH severity vulnerability affecting GLPI Agent versions up to 1.7.1, allowing a local attacker to modify agent code and gain higher privileges.
If you are running GLPI Agent version 1.7.1 or earlier, you are affected by this vulnerability. Upgrade to 1.7.2 to mitigate the risk.
Upgrade GLPI Agent to version 1.7.2 or later. As a temporary workaround, use the default installation folder for the agent.
There are currently no confirmed reports of active exploitation, but the potential for DLL injection makes it a concerning vulnerability.
Refer to the GLPI Agent official website or security advisories for the latest information and updates regarding CVE-2024-28241.