Wazuh · Wazuh · CVE-2024-35177
Name of the Vulnerable Software and Affected Versions:
Wazuh versions prior to 4.9.0
Description:
The issue is related to improper access control in the Wazuh agent for Windows, allowing a local malicious user to potentially exploit this vulnerability by placing a specially crafted DLL file in the installation folder or by replacing the service executable binary itself with a malicious one. This can lead to privilege escalation from a low-privileged user to code execution under the context of NT AUTHORITY\SYSTEM. Many DLLs are loaded from the installation folder, and by creating a malicious DLL that exports the functions of a legitimate one, it is possible to escalate privileges.
Recommendations:
For versions prior to 4.9.0, upgrade to version 4.9.0 to address the issue. As a temporary workaround, consider restricting access to the installation folder to minimize the risk of exploitation. Avoid using non-default installation paths, and ensure that a proper ACL is applied to the installation folder.
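One way to check the ACL recommendation above, as an added example (not code from Wazuh or from this advisory): a PowerShell script that lists every Allow entry under the agent folder granting write, delete or permission-change rights to a principal other than SYSTEM, Administrators, TrustedInstaller or CREATOR OWNER. The `$InstallPath` parameter, the function name `Get-UntrustedWriteAce` and the trusted-principal list are assumptions of this example; the advisory gives no path, so the operator supplies it.

```powershell
# Added example: audit who can write to the agent installation folder.
# $InstallPath is supplied by the operator; no path is taken from the advisory.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallPath
)

# Principals expected to hold write access (well-known SIDs, locale independent).
# This list is an assumption of the example; adjust it to local policy.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (creating a child already needs a right flagged below)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal plant or replace a DLL or the service binary.
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
    $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor $R::TakeOwnership)
# Generic bits that Get-Acl can return unmapped: GENERIC_WRITE, GENERIC_ALL.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriteAce {
    param([string]$Path)
    # The folder itself plus everything below it (DLLs, service executable).
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { $sid = $ace.IdentityReference.Value }  # unresolvable account
            if ($trustedSids -contains $sid) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-UntrustedWriteAce -Path $InstallPath)
if ($findings.Count -eq 0) { Write-Output "No untrusted write access under $InstallPath" }
else { $findings | Format-Table -AutoSize -Wrap }
```

The script reports ACL entries only; it does not evaluate Deny entries or group membership, so each finding still needs a review of who belongs to the listed identity.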