Description
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, remove `Assistance > Statistics` and `Tools > Reports` read rights from every user.
EPSS Score: 1%
Comprehensive Technical Analysis of EUVD-2023-32468
1. Vulnerability Assessment and Severity Evaluation
The vulnerability identified in EUVD-2023-32468 affects GLPI, a widely used asset and IT management software package. The issue is a SQL injection vulnerability present in versions 0.50 through 9.5.12 and 10.0.0 through 10.0.6. It allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server.
Severity Evaluation:
- Base Score: 9.6 (CVSS:3.1)
- Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
The high base score indicates a critical vulnerability due to the following factors:
- Attack Vector (AV:N): Network exploitable.
- Attack Complexity (AC:L): Low complexity.
- Privileges Required (PR:L): Low privileges required.
- User Interaction (UI:N): No user interaction required.
- Scope (S:C): Change in scope.
- Confidentiality (C:H): High impact on confidentiality.
- Integrity (I:H): High impact on integrity.
- Availability (A:N): No impact on availability.
2. Potential Attack Vectors and Exploitation Methods
Attack Vectors:
- SQL Injection: Attackers can exploit the vulnerability by injecting malicious SQL queries through the statistics or reports modules.
- Webshell Deployment: In some cases, attackers can write a webshell on the server, allowing them to execute arbitrary commands.
Exploitation Methods:
- Data Exfiltration: By injecting SQL queries, attackers can extract sensitive data from the database.
- Command Execution: Writing a webshell enables attackers to execute commands on the server, potentially leading to full system compromise.
3. Affected Systems and Software Versions
Affected Versions:
- GLPI versions from 0.50 to 9.5.12
- GLPI versions from 10.0.0 to 10.0.6
Patched Versions:
- GLPI 9.5.13
- GLPI 10.0.7
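The version ranges above can be checked against an inventory with a short script. This is an added example, not code from the advisory or the GLPI project: the names `parse_version`, `classify` and `triage` and the sample inventory are hypothetical. It assumes single-digit 0.x minors are read as decimal fractions ("0.6" as "0.60"), and sends any version string with a suffix to manual review.

```python
import re

# Ranges from the advisory: affected from `first` up to, but not including, `fixed`.
AFFECTED = [((0, 50, 0), (9, 5, 13)), ((10, 0, 0), (10, 0, 7))]
_PLAIN = re.compile(r"v?(\d+(?:\.\d+){1,3})")

def parse_version(text):
    """Return a comparable tuple, or None unless the string is plain dotted digits."""
    m = _PLAIN.fullmatch(text.strip())
    if not m:
        return None  # e.g. "10.0.7-rc1" or "unknown": needs a human look
    parts = m.group(1).split(".")
    if parts[0] == "0" and len(parts[1]) == 1:
        parts[1] += "0"  # assumption: "0.6" is read as "0.60" (conservative)
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # "10.0" compares equal to "10.0.0"

def classify(text):
    """Classify one GLPI version string as 'affected', 'not affected' or 'review'."""
    version = parse_version(text)
    if version is None:
        return "review"
    # Tuples compare numerically, so 9.5.2 sorts before 9.5.13 (strings would not).
    if any(first <= version < fixed for first, fixed in AFFECTED):
        return "affected"
    return "not affected"

def triage(inventory):
    """Group hostnames by status; `inventory` maps hostname -> version string."""
    report = {"affected": [], "not affected": [], "review": []}
    for host, version in inventory.items():
        report[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "helpdesk-01": "9.5.12", "helpdesk-02": "9.5.13",
    "assets-eu": "10.0.6", "assets-lab": "10.0.10",
    "legacy": "0.90.5", "staging": "10.0.7-rc1",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```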
4. Recommended Mitigation Strategies
Immediate Mitigation:
- Remove Access Rights: Temporarily remove `Assistance > Statistics` and `Tools > Reports` read rights from all users to prevent exploitation.
Long-Term Mitigation:
- Update Software: Upgrade to the patched versions (9.5.13 or 10.0.7) to eliminate the vulnerability.
- Regular Audits: Conduct regular security audits and vulnerability assessments.
- Input Validation: Implement robust input validation and sanitization mechanisms to prevent SQL injection attacks.
5. Impact on European Cybersecurity Landscape
The vulnerability poses a significant risk to organizations using GLPI within the European Union. Given the critical nature of the vulnerability, it could lead to data breaches, unauthorized access, and potential system compromises. This underscores the importance of timely patching and regular security assessments to protect sensitive data and maintain the integrity of IT systems.
6. Technical Details for Security Professionals
Vulnerability Details:
- CVE ID: CVE-2023-28838
- GSD ID: GSD-2023-28838
- EPSS Score: 1% (indicating a low likelihood of exploitation in the wild, but this should not be a reason to ignore the vulnerability)
References:
ENISA IDs:
- Product:
  - ID: 19a2ab20-c37c-374c-bd07-23d90062d41e, Product: GLPI, Version: 10.0.0, < 10.0.7
  - ID: d7b0ef1b-c449-3edd-a699-7709a1849d37, Product: GLPI, Version: 0.50, < 9.5.13
- Vendor:
  - ID: 8271d531-049c-391d-99ea-5827be5d9c62, Vendor: glpi-project
Conclusion: This vulnerability highlights the importance of maintaining up-to-date software and implementing robust security measures. Organizations should prioritize patching affected systems and reviewing access controls to mitigate the risk of exploitation. Regular security assessments and adherence to best practices will help in maintaining a secure IT environment.