Platform
windows
Component
glpi-agent
Fixed in
1.7.3
CVE-2024-28241 describes a privilege escalation vulnerability within the GLPI Agent, a generic management agent. This flaw allows a local attacker to modify the agent's code or associated DLLs, potentially leading to unauthorized privilege elevation. The vulnerability impacts versions of GLPI Agent up to and including 1.7.1. A patch is available in version 1.7.2.
Successful exploitation of CVE-2024-28241 allows a local attacker to gain elevated privileges on the system where the GLPI Agent is installed. This could enable them to execute arbitrary code with higher permissions, potentially compromising sensitive data, disrupting system operations, or establishing a persistent foothold. The impact is particularly severe in environments where the GLPI Agent is deployed with administrative privileges or has access to critical resources. The ability to modify DLLs introduces a significant attack surface, as malicious code can be injected into system libraries to achieve persistence and evade detection.
CVE-2024-28241 was publicly disclosed on April 25, 2024. The vulnerability's impact hinges on local access to the target system, limiting the scope of remote exploitation. There are currently no known public proof-of-concept exploits available, but the potential for DLL injection makes it a concerning vulnerability. Its severity is rated HIGH (CVSS 7.3), indicating a significant risk if exploited.
Exploit Status
EPSS
0.04% (14% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-28241 is to upgrade the GLPI Agent to version 1.7.2 or later, which includes a patch addressing the vulnerability. If immediate upgrading is not feasible, a temporary workaround involves utilizing the default installation folder for the GLPI Agent. This leverages the system's inherent security mechanisms to protect the agent's files from unauthorized modification. Consider implementing least privilege principles for the GLPI Agent user account to limit the potential impact of a successful attack. After upgrading, verify the agent's integrity by checking the version number and reviewing system logs for any suspicious activity.
Update GLPI-Agent to version 1.7.2 or later. As an alternative, install the agent in the default installation folder, as this folder is automatically protected by the system.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-28241 is a HIGH severity vulnerability affecting GLPI Agent versions up to 1.7.1, allowing a local attacker to modify agent code and gain higher privileges.
If you are running GLPI Agent version 1.7.1 or earlier, you are affected by this vulnerability. Upgrade to 1.7.2 to mitigate the risk.
Upgrade GLPI Agent to version 1.7.2 or later. As a temporary workaround, use the default installation folder for the agent.
There are currently no confirmed reports of active exploitation, but the potential for DLL injection makes it a concerning vulnerability.
Refer to the GLPI Agent official website or security advisories for the latest information and updates regarding CVE-2024-28241.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.