Cybersecurity AI Command Injection Vulnerability in SSH Command Execution Function
Vulnerability
A command injection vulnerability has been identified in Cybersecurity AI (CAI) versions through 0.5.9. The issue arises in the function 'run_ssh_command_with_credentials()', which is accessible to AI agents. While the function attempts to escape inputs for password and command to prevent shell injection, it fails to do the same for username, host, and port, leaving these values open to injection. As a result, an attacker could manipulate the SSH command execution to execute arbitrary commands on the remote host.
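The gap described above, next to a hardened alternative, as an added example (not CAI's code): the command-string layout, the allow-list patterns, the sample values and the function names are assumptions, and password handling is left out.

```python
import re
import shlex

# Allow-lists are assumptions for this example (IPv6 literals are not covered).
USER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]{0,31}")
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

BAD_USER = "alice; echo INJECTED"  # constructed sample input


def partially_quoted(username, host, port, command):
    """Pattern from the advisory: command is quoted, the other fields are not.
    The exact command-string layout is hypothetical."""
    return f"ssh -p {port} {username}@{host} {shlex.quote(command)}"


def shell_operators(cmdline):
    """List control-operator tokens (; | & ...) found when lexing cmdline.
    Rough check: shlex does not report whether a token was quoted."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    ops = set(lex.punctuation_chars)
    return [tok for tok in lex if tok and set(tok) <= ops]


def build_ssh_argv(username, host, port, command):
    """Validate every field, then return an argv list for subprocess.run()
    without shell=True, so no local shell ever parses the values."""
    if not USER_RE.fullmatch(username):  # also rejects a leading '-'
        raise ValueError("invalid username")
    if not HOST_RE.fullmatch(host):
        raise ValueError("invalid host")
    port = int(port)  # ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError("invalid port")
    return ["ssh", "-p", str(port), f"{username}@{host}", command]


if __name__ == "__main__":
    print(shell_operators(partially_quoted(BAD_USER, "203.0.113.5", 22, "uname -a")))
    print(build_ssh_argv("alice", "203.0.113.5", "22", "uname -a"))
    try:
        build_ssh_argv(BAD_USER, "203.0.113.5", "22", "uname -a")
    except ValueError as exc:
        print("rejected:", exc)
```

Quoting the remaining fields would close the shell-metacharacter gap, but validating them and passing an argv list also stops a value that begins with `-` from being read as an ssh option.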
Impact
Exploitation of this vulnerability allows for command injection on the host where CAI is deployed, with commands executed in the context of the user running the CAI framework.
Reproduction
To reproduce this vulnerability, create an HTML file containing a payload that exploits the command injection flaw by injecting a command into the SSH username field. Serve this file using a web server and then use the CAI framework to execute the 'run_ssh_command_with_credentials()' function, targeting the injected command payload.
