CVE-2024-28241: 
GLPI Agent vulnerability analysis and mitigation

The GLPI Agent, a generic management agent, was found to contain a security vulnerability (CVE-2024-28241) prior to version 1.7.2. The vulnerability was discovered and disclosed on April 25, 2024, affecting all versions of GLPI Agent before version 1.7.2. This security issue specifically impacts the Windows MSI package installation when using non-default installation folders (GitHub Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) by NVD with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while GitHub assigned a score of 7.3 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The vulnerability is related to improper privilege management (CWE-269) where the MSI package installation doesn't update folder security profile when using non-default installation folders (NVD).

When exploited, this vulnerability allows a local user to modify GLPI-Agent code or used DLLs to modify agent logic and potentially gain higher privileges on the system. The impact is particularly severe as it affects all three main security aspects - confidentiality, integrity, and availability - with high severity ratings (GitHub Advisory).

Users are advised to upgrade to GLPI-Agent version 1.7.2 which contains the security fix. As a workaround, users can use the default installation folder, which automatically secures the installed folder by the system. Additionally, users can manually secure the folder security profile to limit non-administrator users' rights (GitHub Advisory).