CVE-2024-28240 Information
Description
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally in the case the Deploy task is installed a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround edit GLPI-Agent related key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and add SystemComponent DWORD value setting it to 1 to hide GLPI-Agent from installed applications.
Reference
https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp
https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f
The
GLPI
Agent
is
a
generic
management
agent.
A
vulnerability
that
only
affects
GLPI-Agent
installed
on
windows
via
MSI
packaging
can
allow
a
local
user
to
cause
denial
of
agent
service
by
replacing
GLPI
server
url
with
a
wrong
url
or
disabling
the
service.
Additionally
in
the
case
the
Deploy
task
is
installed
a
local
malicious
user
can
trigger
privilege
escalation
configuring
a
malicious
server
providing
its
own
deploy
task
payload.
GLPI-Agent
1.7.2
contains
a
patch
for
this
issue.
As
a
workaround
edit
GLPI-Agent
related
key
under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
and
add
SystemComponent
DWORD
value
setting
it
to
1
to
hide
GLPI-Agent
from
installed
applications.