CVE-2024-8501
📋 TL;DR
This vulnerability allows any user to download arbitrary files from the rpc_agent's host system by exploiting the download_file method in modelscope/agentscope. This can lead to unauthorized access to sensitive information including configuration files, credentials, and system files. All users running the vulnerable version are affected.
💻 Affected Systems
- modelscope/agentscope
📦 What is this software?
Agentscope by Modelscope
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through credential theft, privilege escalation, and lateral movement across the network.
Likely Case
Unauthorized access to sensitive configuration files, credentials, and application data leading to data breach.
If Mitigated
Limited to accessing only non-sensitive files if proper file permissions and network segmentation are in place.
🎯 Exploit Status
Exploitation requires understanding of the RPC interface but no authentication is needed once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after v0.0.4 (check latest release)
Vendor Advisory: https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c
Restart Required: No
Instructions:
1. Update modelscope/agentscope to the latest version.
2. Verify the rpc_agent_client component has been patched.
3. Test the download_file method with restricted paths.
🔧 Temporary Workarounds
Restrict RPC Agent Network Access
Limit network access to the rpc_agent to only trusted IP addresses or networks.
Use firewall rules to restrict access:
iptables -A INPUT -p tcp --dport [RPC_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [RPC_PORT] -j DROP
Implement File Access Controls
Set strict file permissions on sensitive directories and files on the host system.
chmod 600 /path/to/sensitive/files
chown root:root /path/to/sensitive/directories
🧯 If You Can't Patch
- Isolate the vulnerable system in a restricted network segment with no internet access.
- Implement strict file system permissions and monitor for unauthorized file access attempts.
🔍 How to Verify
Check if Vulnerable:
Check whether the host is running modelscope/agentscope version v0.0.4, and test whether the download_file method accepts arbitrary file paths.
Check Version:
Check package version: pip show agentscope or review project configuration files.
Verify Fix Applied:
After updating, test that download_file method rejects requests for files outside allowed directories.
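One way to implement the containment check that this verification step tests for is shown below. This is an added example, not agentscope's code or its patch: `resolve_download_path`, `PathNotAllowed` and the single allowed root are assumptions, and the directory tree is constructed in a temporary folder.

```python
import os
import tempfile
from pathlib import Path


class PathNotAllowed(Exception):
    """Requested path resolves outside the allowed root or is not a file."""


def resolve_download_path(allowed_root: str, requested: str) -> Path:
    # Hypothetical helper (name and signature are assumptions, not agentscope API).
    root = Path(allowed_root).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the comparison below
    # is made on the file's real location. An absolute `requested` replaces
    # `root` in the join and is caught by the same comparison.
    candidate = (root / requested).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathNotAllowed(requested) from None
    if not candidate.is_file():
        raise PathNotAllowed(requested)
    return candidate


def run_checks() -> dict:
    """Try representative requests against a constructed directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "served"
        root.mkdir()
        (root / "model.bin").write_bytes(b"ok")
        secret = Path(tmp) / "secret.txt"  # constructed file outside the root
        secret.write_text("constructed secret")
        os.symlink(secret, root / "link.txt")  # symlink that escapes the root
        cases = {
            "inside": "model.bin",
            "dotdot": "../secret.txt",
            "absolute": str(secret),
            "symlink": "link.txt",
        }
        for name, requested in cases.items():
            try:
                resolve_download_path(str(root), requested)
                results[name] = "allowed"
            except PathNotAllowed:
                results[name] = "rejected"
    return results
```

Open the returned path, not the original request string, so the file that is read is the one that was checked.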
📡 Detection & Monitoring
Log Indicators:
- Unusual file download patterns via RPC interface
- Access to sensitive file paths in application logs
- Failed authorization attempts for file downloads
Network Indicators:
- Unusual RPC traffic patterns
- Multiple file download requests from single source
- Requests for known sensitive file paths
SIEM Query:
source="rpc_agent" AND (file_download="*" OR path="*/etc/*" OR path="*/home/*")