NousResearch Hermes-Agent Unauthenticated Remote Code Execution Vulnerability
Vulnerability
A critical vulnerability allowing unauthenticated remote code execution has been identified in NousResearch Hermes-Agent version 0.8.0. The issue arises in the API server component, specifically within the '_check_auth' function of 'gateway/platforms/api_server.py'. The vulnerability is due to improper authentication, as the API server disables authentication by default when no 'API_SERVER_KEY' is configured. This allows any unauthenticated network client to send arbitrary prompts to the agent, which are then executed as OS commands on the host machine via the agent's built-in 'terminal' tool.
Impact
Exploitation of this vulnerability leads to unauthorized execution of commands on the server where Hermes-Agent is running, with the potential to access sensitive files and information.
Reproduction
The vulnerability can be reproduced by starting the Hermes-Agent API server with the 'API_SERVER_HOST' environment variable set to '0.0.0.0', which allows network access, while leaving 'API_SERVER_KEY' unset. This configuration disables authentication for critical API endpoints. Once the server is running, any client can send requests to the '/v1/chat/completions' endpoint without an authorization token. The agent processes the prompts, executes the resulting OS commands on the host system through its 'terminal' tool, and returns the output to the client.
Remediation
Users are advised to set the 'API_SERVER_KEY' environment variable to require authentication for API requests. Additionally, the Hermes-Agent documentation provides guidance on configuring the application securely.
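The fail-open pattern described above, next to a fail-closed form and a startup check, as an added example that is not Hermes-Agent's own code. The function names, the plain-dict header lookup and the loopback default for 'API_SERVER_HOST' are assumptions made for illustration; only the two environment variable names come from the advisory.

```python
import hmac
import ipaddress


def _bearer_matches(headers, api_key):
    """Compare the presented bearer token with the configured key."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return False
    # Constant-time comparison so the key is not leaked through timing.
    return hmac.compare_digest(token.strip().encode(), api_key.encode())


def check_auth_fail_open(headers, api_key):
    """The pattern the advisory describes: no configured key, no check."""
    if not api_key:
        return True  # authentication silently disabled
    return _bearer_matches(headers, api_key)


def check_auth_fail_closed(headers, api_key):
    """Hardened form: a missing key rejects every request."""
    if not api_key:
        return False
    return _bearer_matches(headers, api_key)


def is_loopback(host):
    """True only for addresses that are unreachable from the network."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown hostname: treat as network-reachable


def startup_findings(env):
    """Reasons to refuse to start; an empty list means the config is acceptable."""
    host = env.get("API_SERVER_HOST", "127.0.0.1")  # assumed default
    key = env.get("API_SERVER_KEY", "")
    findings = []
    if not key and not is_loopback(host):
        findings.append(
            f"API_SERVER_HOST={host} is network-reachable but API_SERVER_KEY is unset"
        )
    return findings
```

Calling startup_findings(os.environ) before binding the listener and exiting on any finding turns the misconfiguration into a startup failure instead of an open endpoint.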
