BAE SOCET GXP Command Injection Vulnerability in GXP Job Service

Vulnerability

A command injection vulnerability has been identified in BAE SOCET GXP versions prior to 4.6.0.2. The issue arises in the GXP Job Service, which by default allows connections from all IP addresses. If the Job Service is not reconfigured during installation and is permitted through the local Windows Firewall (or if the firewall is disabled), a remote attacker can execute arbitrary commands with the privileges of the SOCET GXP Job Service. In Basic mode, the Job Service runs only when SOCET GXP is active, using the permissions of the user who launched the application.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the server, with the commands being executed under the privileges of the SOCET GXP Job Service.

Remediation

Users are advised to update to SOCET GXP version 4.6.0.2 or later, which disables network access for the GXP Job Service by default. For those unable to update immediately, network access can be restricted by removing allowed IPs from the Job Service configuration window or by blocking access to the Job Service ports in the Windows Firewall. Assistance with these changes is available through BAE's Customer Technical Support.
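The interim mitigation above (blocking the Job Service ports in Windows Firewall until the 4.6.0.2 update can be applied) can be scripted. The following is an added example, not part of the advisory and not BAE's own tooling. The advisory does not state the Job Service port numbers, so $JobServicePorts is a placeholder that must be replaced with the ports shown in the Job Service configuration window on the affected host.

```powershell
# Added example (not from the advisory or from BAE): block inbound access to the
# SOCET GXP Job Service in Windows Defender Firewall and verify the result.
# Run from an elevated PowerShell session on the host running SOCET GXP.

# PLACEHOLDER: the advisory does not list the Job Service ports; take them from the
# Job Service configuration window and replace '0' below (strings, as -LocalPort expects).
$JobServicePorts = @('0')
$RuleName = 'Block SOCET GXP Job Service (inbound)'

# 1. List any existing inbound Allow rules that already expose these ports, so the
#    permissive rule(s) left behind by installation can be reviewed or removed.
Get-NetFirewallPortFilter |
    Where-Object {
        $_.Protocol -eq 'TCP' -and
        (@($_.LocalPort) | Where-Object { $_ -in $JobServicePorts })
    } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Select-Object DisplayName, Enabled, Profile

# 2. Create the block rule (skipped if a rule of the same name already exists).
#    Block rules take precedence over allow rules in Windows Firewall, so this
#    closes the ports even if an installer-created Allow rule is still present.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $JobServicePorts -Action Block -Profile Any -Enabled True | Out-Null
}

# 3. Verify that the rule exists, is enabled, and covers the expected ports.
$rule  = Get-NetFirewallRule -DisplayName $RuleName
$ports = ($rule | Get-NetFirewallPortFilter).LocalPort
'{0}: Enabled={1} Action={2} Ports={3}' -f $rule.DisplayName, $rule.Enabled, $rule.Action, ($ports -join ',')
```

The block rule is deliberately unconditional: if some hosts legitimately need to reach the Job Service, restricting the allowed IPs in the Job Service configuration window (the advisory's other interim option) is the safer place to express that, since a firewall Allow rule scoped by -RemoteAddress would be overridden by this Block rule.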

Added: Oct 23, 2025, 8:21 PM
Updated: Oct 23, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:        10.0
exploitability: 7.4
remediation:    0.0
relevance:      0.8
threat:         0.0
urgency:        2.9
incentive:      5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.