Cybersecurity AI Argument Injection Vulnerability in Find File Tool Allowing Remote Code Execution

Vulnerability

A critical argument injection vulnerability has been identified in the Cybersecurity AI (CAI) framework, affecting versions up to and including 0.5.10. The issue lies in the 'find_file()' tool, where user-controlled input (the 'args' parameter) is passed straight into a shell command string that is run via 'subprocess.Popen()' with 'shell=True'. Because that string is interpreted by the shell, an attacker who controls 'args' can execute arbitrary commands on the host system. The vulnerability is particularly concerning because the 'find_file()' tool is executed without user approval, bypassing any safety mechanisms that would otherwise gate a tool call. By injecting malicious arguments into the 'args' parameter, an attacker can exploit this vulnerability to achieve remote code execution.
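As an added illustration (this is not the CAI project's own code nor its 0.5.11 patch), the pattern a maintainer would use to close this class of bug: build an argv list instead of a shell string, never use 'shell=True', pin the search path ahead of the expression, and allowlist the find(1) predicates a file-search tool actually needs so that action predicates such as '-exec' are rejected before anything runs. The allowlist and the numeric-operand pattern are assumptions made for this example.

```python
import re
import shlex
import subprocess

# Allowlist of find(1) predicates that only filter or limit the search.
# Constructed for this example; a real tool would tune this to its needs.
# Action predicates (-exec, -execdir, -ok, -okdir, -delete, -fprint*, -fls)
# are absent on purpose: they execute commands or write to arbitrary files.
ALLOWED_PREDICATES = frozenset({
    "-name", "-iname", "-path", "-ipath", "-type", "-size",
    "-maxdepth", "-mindepth", "-mtime", "-mmin", "-newer",
    "-empty", "-not", "-and", "-or", "-a", "-o", "!", "(", ")",
})
# Numeric operands such as '-7' (for -mtime) or '-10k' (for -size) also
# begin with '-' but are values, not predicates; accept only this shape.
NUMERIC_OPERAND = re.compile(r"[-+]?\d+[ckMGbw]?")


def validate_find_args(args: str) -> list[str]:
    """Tokenize a user-supplied option string with shlex (no shell is ever
    involved) and reject any '-' token that is not an allowed predicate or
    a numeric operand. Raises ValueError on the first rejected token."""
    tokens = shlex.split(args)
    for tok in tokens:
        if tok.startswith("-") and tok not in ALLOWED_PREDICATES \
                and not NUMERIC_OPERAND.fullmatch(tok):
            raise ValueError(f"find predicate not allowed: {tok!r}")
    return tokens


def build_find_command(name: str, path: str = ".", args: str = "") -> list[str]:
    """Return the argv list for find(1). The path is placed before the
    expression so a leading '-' in user input cannot be read as a predicate."""
    if path.startswith("-"):
        raise ValueError("search path must not begin with '-'")
    return ["find", path, "-name", name, *validate_find_args(args)]


def find_file(name: str, path: str = ".", args: str = "", timeout: float = 30) -> str:
    """Run find with an argv list and shell=False (the default): the tokens
    reach execve directly, so /bin/sh never interprets any of them."""
    argv = build_find_command(name, path, args)
    result = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return result.stdout
```

A tool-call gate in the agent is still worthwhile on top of this: the allowlist limits what find can do, but it does not decide whether the agent should be searching that path at all.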

Impact

Exploitation of this vulnerability allows for remote code execution on the host system.

Reproduction

To reproduce this vulnerability, inject a payload into an HTML comment that tricks the CAI agent into using the 'find_file()' tool with malicious arguments. The injected arguments should include dangerous flags that enable command execution, such as '-exec', followed by a command to be executed. Once the payload is processed by the CAI agent, the specified command will be executed on the host system, demonstrating the vulnerability.

Remediation

Users can update to version 0.5.11 or later, where this vulnerability has been patched.

Added: Jan 30, 2026, 9:19 PM
Updated: Jan 30, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.6
remediation: 0.0
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.