Glances is a cross-platform, open-source system monitoring tool that allows dynamic configuration values to be specified in its configuration files. Prior to version 4.5.3, Glances parses configuration values and executes any substring enclosed in backticks as a system command during configuration parsing via the Config.get_value() function. This execution occurs without any validation or restriction, creating an OS command injection vulnerability (CWE-78). If an attacker can modify or influence the configuration files—either by direct file access or through other means—they can inject arbitrary system commands that will be executed with the privileges of the Glances process during startup or configuration reload. In environments where Glances runs with elevated privileges (for example, as a system service running as root or administrator), this can lead to privilege escalation, allowing the attacker to gain unauthorized control over the system. The vulnerability is local vector (AV:L), requires low attack complexity (AC:L), and low privileges (PR:L) but no user interaction (UI:N). The vulnerability affects all versions prior to 4.5.3, which has patched this issue by removing or restricting the unsafe command execution behavior. No known exploits are currently reported in the wild, but the vulnerability poses a significant risk due to the potential for privilege escalation and full system compromise.

The impact of this vulnerability is significant for organizations using Glances versions prior to 4.5.3, especially where Glances runs with elevated privileges. Successful exploitation allows an attacker with the ability to modify configuration files to execute arbitrary commands, potentially leading to full system compromise. This affects confidentiality, as sensitive data can be accessed or exfiltrated; integrity, as system files and configurations can be altered; and availability, as attackers can disrupt or disable system monitoring or other critical services. In environments where Glances is deployed as a system service or with administrative privileges, the risk escalates to privilege escalation, enabling attackers to gain persistent and powerful access. This can facilitate lateral movement, data breaches, or deployment of further malware. Organizations relying on Glances for system monitoring must consider the risk of insider threats or attackers who have gained limited local access, as they could leverage this vulnerability to escalate privileges and compromise critical infrastructure.

To mitigate this vulnerability, organizations should immediately upgrade Glances to version 4.5.3 or later, where the unsafe command execution behavior has been patched. Until upgrading is possible, restrict access to Glances configuration files to trusted administrators only, using strict file permissions and access controls to prevent unauthorized modification. Monitor configuration files for unauthorized changes using file integrity monitoring tools. Avoid running Glances with elevated privileges unless absolutely necessary; run it with the least privileges required to reduce the impact of potential exploitation. Implement host-based intrusion detection systems to detect suspicious command execution or configuration reload events. Additionally, conduct regular audits of system services and configurations to ensure no unauthorized changes have been made. Educate system administrators about the risks of dynamic command execution in configuration files and encourage best practices for secure configuration management.