{"id":"CVE-2024-28240","summary":"GLPI-Agent's MSI package installation permits local users to change Agent configuration","details":"The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit GLPI-Agent related key under `HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall` and add `SystemComponent` DWORD value setting it to `1` to hide GLPI-Agent from installed applications.","aliases":["GHSA-hx3x-mmqg-h3jp"],"modified":"2026-04-02T10:08:12.309169Z","published":"2024-04-25T16:37:32.215Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28240.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-20"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28240.json"},{"type":"ADVISORY","url":"https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28240"},{"type":"FIX","url":"https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/glpi-project/glpi-agent","events":[{"introduced":"0"},{"fixed":"870596d2472a79b8fbf4772bc626b113fd1dda35"}]}],"versions":["1.0","1.0-beta1","1.1","1.10","1.11","1.12","1.13","1.14","1.15","1.16","1.17","1.2","1.3","1.4","1.5","1.6","1.6.1","1.7","1.7.1","1.8","1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28240.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}