CVE-2024-28240

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit GLPI-Agent related key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` and add `SystemComponent` DWORD value setting it to `1` to hide GLPI-Agent from installed applications.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f
https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp
https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f
https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp

Configurations

No configuration.

History

21 Nov 2024, 09:06

Type	Values Removed	Values Added
Summary		(es) El Agente GLPI es un agente de gestión genérico. Una vulnerabilidad que solo afecta al GLPI-Agent instalado en Windows a través del paquete MSI puede permitir que un usuario local provoque la denegación del servicio del agente reemplazando la URL del servidor GLPI con una URL incorrecta o deshabilitando el servicio. Además, en el caso de que se instale la tarea de implementación, un usuario malicioso local puede desencadenar una escalada de privilegios configurando un servidor malicioso que proporcione su propio payload de la tarea de implementación. GLPI-Agent 1.7.2 contiene un parche para este problema. Como workaround, edite la clave relacionada con GLPI-Agent en `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` y agregue el valor DWORD `SystemComponent` configurándolo en `1` para ocultar GLPI-Agent de las aplicaciones instaladas.
References	~~() https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f -~~	() https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f -
References	~~() https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp -~~	() https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp -

25 Apr 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-25 17:15

Updated : 2024-11-21 09:06

NVD link : CVE-2024-28240

Mitre link : CVE-2024-28240

CVE.ORG link : CVE-2024-28240

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

7.3 /10