CVE-2024-8502
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on servers running modelscope/agentscope v0.0.6a3 by sending malicious serialized data to the RPC agent server. The deserialization of untrusted data using the dill library enables complete system compromise. Any organization using the vulnerable version with the RPC agent server exposed is affected.
💻 Affected Systems
- modelscope/agentscope
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attacker to execute arbitrary commands, steal data, install malware, pivot to other systems, and maintain persistent access.
Likely Case
Remote code execution leading to data exfiltration, service disruption, and potential lateral movement within the network.
If Mitigated
Limited impact if proper network segmentation and access controls prevent exploitation attempts.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it involves sending malicious serialized payloads to the vulnerable endpoint. Public proof-of-concept exists on huntr.com.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.0.6a4 or later
Vendor Advisory: https://huntr.com/bounties/7a42da2a-2ae5-442d-aff9-c9a3b47870eb
Restart Required: Yes
Instructions:
1. Update modelscope/agentscope to version v0.0.6a4 or later.
2. Restart all agent server instances.
3. Verify the patch is applied by checking the version.
🔧 Temporary Workarounds
Network Isolation
Linux: Restrict network access to the RPC agent server using firewall rules
iptables -A INPUT -p tcp --dport [AGENT_PORT] -j DROP
ufw deny [AGENT_PORT]
Disable RPC Agent Server
All platforms: Stop using the vulnerable RpcAgentServerLauncher class if not required
systemctl stop agentscope-rpc
pkill -f 'python.*agentscope.*rpc'
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the vulnerable service from untrusted networks
- Deploy application-level firewalls or WAFs to inspect and block malicious serialized payloads
🔍 How to Verify
Check if Vulnerable:
Check if agentscope version is v0.0.6a3 and RPC agent server is running. Review logs for deserialization errors or unexpected process creation.
Check Version:
python -c "import agentscope; print(agentscope.__version__)"
Verify Fix Applied:
Confirm agentscope version is v0.0.6a4 or later. Test that dill.loads no longer processes untrusted input in AgentServerServicer.create_agent.
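A static check for the "Verify Fix Applied" step, added here as an example and not taken from agentscope or the advisory: it parses Python source with the standard ast module and reports every dill/pickle load call together with its enclosing class and method. The sample source and its request field name are constructed; only AgentServerServicer.create_agent comes from the text above.

```python
import ast

# Deserialization calls that run attacker-chosen code on untrusted bytes.
SINKS = {"dill": {"loads", "load"}, "pickle": {"loads", "load"}}
# Constructed sample, not agentscope source; the request field is hypothetical.
SAMPLE = '''
import dill
class AgentServerServicer:
    def create_agent(self, request, context):
        return dill.loads(request.agent_init_args)
'''

def find_unsafe_loads(source):
    """Return [(scope, lineno, call)] for each dill/pickle load call."""
    tree = ast.parse(source)
    aliases, direct, findings = {}, {}, []
    # Pass 1: resolve `import dill as d` and `from dill import loads as l`.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name in SINKS:
                    aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module in SINKS:
            for a in node.names:
                if a.name in SINKS[node.module]:
                    direct[a.asname or a.name] = f"{node.module}.{a.name}"

    # Pass 2: walk the tree, carrying the enclosing class/function path.
    def visit(node, scope):
        if isinstance(node, (ast.ClassDef, ast.FunctionDef, ast.AsyncFunctionDef)):
            scope = f"{scope}.{node.name}" if scope else node.name
        if isinstance(node, ast.Call):
            f = node.func
            if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                    and f.attr in SINKS.get(aliases.get(f.value.id), ())):
                findings.append((scope or "<module>", node.lineno,
                                 f"{aliases[f.value.id]}.{f.attr}"))
            elif isinstance(f, ast.Name) and f.id in direct:
                findings.append((scope or "<module>", node.lineno, direct[f.id]))
        for child in ast.iter_child_nodes(node):
            visit(child, scope)

    visit(tree, "")
    return findings

if __name__ == "__main__":
    for scope, line, call in find_unsafe_loads(SAMPLE):
        print(f"{scope}:{line}: {call}() may deserialize untrusted input")
```

Run it over the installed package's .py files after upgrading. A static scan does not see calls made through getattr or importlib, so treat an empty result as supporting evidence alongside the version check.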
📡 Detection & Monitoring
Log Indicators:
- Unusual deserialization errors
- Unexpected process creation from agent server
- Large or malformed serialized data in RPC requests
Network Indicators:
- Unusual outbound connections from agent server
- Suspicious payloads to RPC agent port
- Anomalous network traffic patterns
SIEM Query:
source="agent-server" AND (event="deserialization_error" OR process="unexpected_executable")