GLPI Agent Remote Command Injection Vulnerability Allows High Privilege Escalation

CVE: CVE-2023-34254
CVSS (v3.1): 7.7
Source: CVE-2023-34254

GLPI Agent, a generic management agent used for remote inventory, was affected by a remote command injection vulnerability prior to version 1.5. This vulnerability could allow a malicious user to gain high-level privileges on systems where the agent was running.

The vulnerability existed in the way GLPI Agent executed SSH commands on remote Unix systems during the remote inventory process. A malicious user able to interact with the agent during this workflow could inject arbitrary commands that would then be executed with the same privileges as the agent.

If the agent was running with administrative privileges, this would essentially allow the attacker to gain full control of the system. They could install malware, steal data, or carry out other malicious actions. Additionally, they could discover all remote access credentials the agent had configured for inventory purposes.

This vulnerability has been addressed in GLPI Agent version 1.5. Administrators should ensure they have updated to the latest version to protect themselves against privilege escalation attacks. It’s also recommended to review permissions and limit the level of access granted to the agent where possible. Regular monitoring and logging of SSH activities can help detect any unauthorized command execution.
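
The two checks recommended above (agent version and agent privileges) can be run across a fleet. The script below is an added example, not code from the GLPI Agent project; the CSV layout, the account names treated as privileged, the pre-release markers and the sample rows are all assumptions constructed for illustration.

```python
import csv, io, re

FIXED = (1, 5)  # first patched release, per the advisory
PRIVILEGED = {"root", "system", "administrator"}  # assumed privileged account names
PRERELEASE = re.compile(r"rc|alpha|beta|dev|git", re.I)  # assumed pre-release markers

# Constructed sample inventory export: host, agent version, account the agent runs as
SAMPLE = """host,agent_version,run_as
web01,1.4,root
db02,1.4.1,glpi-agent
app03,1.5,root
build04,1.5-rc1,SYSTEM
edge05,1.6,glpi-agent
old06,unknown,root
"""

def is_vulnerable(version):
    """True if the version is prior to 1.5. Unparseable strings and 1.5
    pre-release builds are treated as vulnerable (conservative assumption)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        return True
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (len(FIXED) - len(nums))  # "1" compares as 1.0
    if nums < FIXED:
        return True
    at_fix = nums[:2] == FIXED and not any(nums[2:])
    return at_fix and bool(PRERELEASE.search(m.group(2)))

def audit(csv_text):
    """Map each host needing action to a finding; compliant hosts are omitted."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        vuln = is_vulnerable(row["agent_version"])
        priv = row["run_as"].strip().lower() in PRIVILEGED
        if vuln and priv:
            findings[row["host"]] = "upgrade-urgent"   # injected commands would run privileged
        elif vuln:
            findings[row["host"]] = "upgrade"
        elif priv:
            findings[row["host"]] = "review-privileges"  # patched, but not least privilege
    return findings

if __name__ == "__main__":
    for host, finding in audit(SAMPLE).items():
        print(f"{host}: {finding}")
```

Hosts with an unreadable version string are reported as needing an upgrade so that they get checked by hand rather than silently passed.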
