PT-2024-22790 · Freescout

Umeradeemcheema
Published: 2024-03-22
Updated: 2025-01-10
CVE: CVE-2024-29185
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.128

Description: FreeScout is a self-hosted help desk and shared mailbox. The issue is an OS command injection in the /public/tools.php source file: the value of the php_path request parameter is passed to the shell_exec function and executed as an OS command without validation, which allows an adversary to execute arbitrary OS commands on the server. A practical demonstration of the injection extracted the server's /etc/passwd file, representing complete compromise of the server hosting the FreeScout application. The attack requires the attacker to know the application's App Key, which makes the attack complexity high; an attacker who obtains the App Key can compromise the entire server on which the application is deployed.

Recommendations: For versions prior to 1.8.128, update to version 1.8.128 or later, which contains a patch for this issue. As a temporary workaround, consider restricting access to the /public/tools.php file or disabling the shell_exec function until the patch is applied. Additionally, restrict access to the App Key to minimize the risk of exploitation.
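The following is an added illustration of the class of defect the advisory describes and of one way to harden it. It is not FreeScout's code and not the contents of tools.php; the function names, the allowlist of interpreter locations and the constructed sample input are assumptions made for the example. The point is that a request parameter must never be allowed to choose the command that shell_exec runs: the hardened version resolves the supplied path, accepts it only if it is one of a fixed set of known interpreters, and still quotes it as a single argument.

```php
<?php
// Added example, not FreeScout's tools.php. Assumes a request parameter
// named php_path (as in the advisory) meant to point at a PHP interpreter.

// VULNERABLE PATTERN (what the advisory describes): the parameter is
// interpolated straight into a shell command line, so any shell
// metacharacters in $phpPath are interpreted by the shell.
function runPhpVersionUnsafe(string $phpPath): string
{
    return (string) shell_exec($phpPath . ' -v');
}

// HARDENED PATTERN:
// 1. Accept only a fixed set of interpreter locations (allowlist, assumed here).
// 2. Resolve symlinks and confirm the path is an executable regular file.
// 3. Quote the value anyway so the shell cannot re-parse it.
const ALLOWED_PHP_BINARIES = [
    '/usr/bin/php',
    '/usr/local/bin/php',
    PHP_BINARY,          // the interpreter running this script
];

function resolvePhpBinary(string $phpPath): ?string
{
    $real = realpath($phpPath);   // false if the path does not exist
    if ($real === false || !is_file($real) || !is_executable($real)) {
        return null;
    }
    foreach (ALLOWED_PHP_BINARIES as $allowed) {
        if (realpath($allowed) === $real) {
            return $real;
        }
    }
    return null;                  // exists, but is not an approved interpreter
}

function runPhpVersionSafe(string $phpPath): string
{
    $binary = resolvePhpBinary($phpPath);
    if ($binary === null) {
        throw new InvalidArgumentException('php_path is not an approved interpreter');
    }
    // escapeshellarg() wraps the value in single quotes and escapes embedded
    // quotes, so the process receives it as one literal argument.
    return (string) shell_exec(escapeshellarg($binary) . ' -v');
}

// Constructed inputs (not real requests). The first carries a trailing shell
// command; realpath() fails on it, so the safe path rejects it before any
// process is started. The second is the interpreter itself and is accepted.
$attempts = ['/usr/bin/php; id', PHP_BINARY];
foreach ($attempts as $attempt) {
    try {
        echo "accepted: " . trim(runPhpVersionSafe($attempt)) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
```

Run with `php example.php`. The allowlist check is what removes the injection: validation by realpath() and is_executable() alone would still let a request point at any executable on the host, and escapeshellarg() alone would still let the request decide which binary runs. Disabling shell_exec in php.ini (the advisory's interim workaround) stops both functions above from executing anything at all.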

Weakness Enumeration: OS Command Injection

Related Identifiers:
CVE-2024-29185
GHSA-7P9X-CH4C-VQJ9

Affected Products: Freescout