## https://sploitus.com/exploit?id=815640AA-6255-5A1D-B47A-F6F70D963A02
# LLM Endpoint Vulnerability PoC
A proof-of-concept for identifying endpoint vulnerabilities with the help of large language models. The system integrates CVE information, LLM inspection plans, endpoint agent logs, and risk reports into a controlled process to determine whether an endpoint may be affected by a specific CVE.

> Status: PoC / WIP. This project is used for classroom projects and portfolio presentations; it is not yet production-ready. Do not expose it directly to the public internet.

## Function Overview

- Central management platform using FastAPI and an SQLite database.
- Synchronizes vulnerability information from NVD, CISA KEV, and EPSS.
- Supports registration of Windows/Linux/macOS agents, scan tasks, and log retrieval.
- Uses an LLM Planner/Reporter in the backend, with a deterministic fallback mechanism.
- Agents only perform read-only actions from an allowlist; no exploits or automatic patching are performed.

## Quick Start
```bash
git clone https://github.com/2ha-tw/llm-endpoint-vulnerability-poc.git
cd llm-endpoint-vulnerability-poc
python3 -m pip install -r requirements.txt
cp .env.example .env
python3 -m uvicorn app.main:app --reload
```
After starting, you can access:
- Dashboard: http://localhost:8000/
- CVE List: http://localhost:8000/cves
- Agent List: http://localhost:8000/agents
- Agent Installation: http://localhost:8000/agents/install
- Inspection Plans: http://localhost:8000/plans
- Tasks: http://localhost:8000/tasks
- Reports: http://localhost:8000/reports
- Settings: http://localhost:8000/settings
## Install from a clean environment
1. Install Python 3.11+.
2. Install required dependencies:
```bash
python3 -m pip install -r requirements.txt
```
3. Create a local configuration file:
```bash
cp .env.example .env
```
4. To use LLM to generate inspection plans and reports, edit the `.env` file. This project supports OpenAI-compatible chat completions providers:
```bash
OPENAI_BASE_URL="https://api.openai.com/v1"
OPENAI_MODEL="gpt-4.1-mini"
OPENAI_API_KEY="your-api-key"
```
5. Start the backend service:
```bash
python3 -m uvicorn app.main:app --reload
```
6. Run tests:
```bash
AUTO_SYNC_ENABLED=false python3 -m pytest -q
```
## Tests
It is recommended to disable background synchronization during tests to avoid calling external information APIs:
```bash
AUTO_SYNC_ENABLED=false python3 -m pytest -q
```
Current tests include information normalization, agent registration/scanning/reporting processes, installation script generation, risk report fallback rules, LLM output verification, and basic page smoke checks.

## Configuration
Copy `.env.example` to `.env` and adjust it as needed:
```bash
DATABASE_URL="sqlite:///./data/app.db"
SERVER_URL="http://localhost:8000"
OPENAI_BASE_URL="https://api.openai.com/v1"
OPENAI_MODEL="gpt-4.1-mini"
OPENAI_API_KEY=""
AUTO_SYNC_ENABLED=false
REQUIRE_TASK_APPROVAL=true
ALLOW_AI_RAW_COMMANDS=false
```
If `OPENAI_API_KEY` is left blank, Planner and Reporter will use deterministic rules as a fallback. The Agent does not save the API key, does not call models, and does not make AI decisions on its own. Runtime settings can also be edited from `http://localhost:8000/settings`. The settings are written into the local `.env` file, and most of the settings will also apply immediately to the currently running backend processes.
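The fallback described above, as an added example that is not the project's code: a small Planner that accepts a model-produced plan only when it parses as JSON and every step uses an allowlisted action with no extra keys, and otherwise derives a plan from deterministic rules. The CVE record fields (`affected_products`, `default_ports`), the plan JSON shape and the function names are assumptions; the sample CVE record is constructed around the CVE id used in the sync examples below.

```python
"""
Hypothetical Planner: validate an LLM-produced inspection plan against the action
allowlist and fall back to deterministic rules when the model output is unusable.
Added example, not the project's code; the CVE record fields (affected_products,
default_ports), the plan JSON shape and the function names are assumptions.
"""
import json
from typing import Optional

# The README's evidence action names; a plan step with any other action is rejected.
ALLOWED_ACTIONS = frozenset({
    "check_installed_package", "check_service", "check_port", "http_probe",
    "check_process", "check_file_exists", "check_file_version",
    "check_registry_key", "check_config_value",
})

# Keys a plan step may carry; anything else (e.g. "command") means the model went off-script.
STEP_KEYS = {"action", "params", "why"}


def deterministic_plan(cve: dict) -> list[dict]:
    """Rule-based fallback: one read-only check per affected product and default port."""
    steps = []
    for product in cve.get("affected_products", []):
        steps.append({"action": "check_installed_package", "params": {"name": product}})
    for port in cve.get("default_ports", []):
        steps.append({"action": "check_port", "params": {"port": int(port)}})
    return steps


def validate_llm_plan(raw: str) -> Optional[list[dict]]:
    """Parse the model's JSON reply; return None on any structural or allowlist violation."""
    try:
        data = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return None
    steps = data.get("steps") if isinstance(data, dict) else None
    if not isinstance(steps, list) or not steps:
        return None
    clean = []
    for step in steps:
        if not isinstance(step, dict) or set(step) - STEP_KEYS:
            return None
        action, params = step.get("action"), step.get("params", {})
        if action not in ALLOWED_ACTIONS or not isinstance(params, dict):
            return None
        clean.append({"action": action, "params": params})
    return clean


def build_plan(cve: dict, llm_output: Optional[str]) -> dict:
    """llm_output is None when no API key is configured; otherwise the raw model reply."""
    if llm_output is not None:
        steps = validate_llm_plan(llm_output)
        if steps is not None:
            return {"cve": cve["id"], "source": "llm", "steps": steps}
    return {"cve": cve["id"], "source": "fallback", "steps": deterministic_plan(cve)}


# Constructed CVE record (sample data, not from a feed) using the CVE id from the README.
SAMPLE_CVE = {
    "id": "CVE-2021-44228",
    "affected_products": ["log4j-core"],
    "default_ports": [8080],
}

if __name__ == "__main__":
    print(json.dumps(build_plan(SAMPLE_CVE, None), indent=2))
    off_script = '{"steps": [{"action": "run_shell", "params": {}}]}'
    print(json.dumps(build_plan(SAMPLE_CVE, off_script), indent=2))
```

The design point is that the fallback is not only for a missing key: any model reply that fails validation is treated the same way, so a hallucinated or off-allowlist action can never reach an agent.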
**Security Boundaries**
- This is a localhost PoC; the backend management pages currently have no login requirements, role-based permission control, or CSRF protection.
- Do not expose the management UI, Agent registration endpoints, or download routes directly to the public internet.
- Agent actions are restricted to an allowlist and serve only read-only evidence collection.
- The Agent does not have built-in AI, does not save API keys, does not call models, and does not make decisions on its own.
- This project does not perform exploits, destructive checks, configuration changes, service restarts, or automatic remediation.
- SQLite is used only for convenience in PoC testing; there is no migration system or production database hardening.
**Vulnerability Information Synchronization**
Manual synchronization endpoints:
```bash
curl -X POST http://localhost:8000/api/intel/cves/CVE-2021-44228/refresh
curl -X POST http://localhost:8000/api/intel/sync/kev
curl -X POST http://localhost:8000/api/intel/sync/epss
curl -X POST http://localhost:8000/api/intel/sync/auto
```
Background synchronization is controlled by the following settings:
```bash
AUTO_SYNC_ENABLED=false
SYNC_INTERVAL_SECONDS=900
AUTO_SYNC_WINDOW_HOURS=24
AUTO_SYNC_EPSS_LIMIT=20
```
It is recommended to keep `AUTO_SYNC_ENABLED=false` during testing and portfolio demonstrations.
**Agent Process**
1. Go to `/agents/install` to create a registration token.
2. Choose between Windows, Linux, or macOS, and copy the generated installation instructions.
3. Execute the installation instructions on the actual endpoint. If the endpoint is not the same machine as the backend, `SERVER_URL` must be an address the endpoint can reach; on another machine, `localhost` refers to that machine itself, not to the backend management server.
4. Check the generated plans and tasks in the backend.
5. If manual approval is enabled, approve the task first.
6. The Agent polls the approved tasks from `/api/agents/tasks/{task_id}/results`.
7. The Agent uploads evidence to `/api/agents/tasks/{task_id}/results`.
8. The backend generates a risk report based on the endpoint evidence.

Supported evidence actions include:
- `check_installed_package`
- `check_service`
- `check_port`
- `http_probe`
- `check_process`
- `check_file_exists`
- `check_file_version`
- `check_registry_key`
- `check_config_value`
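An added example, not the project's agent code, of how an agent can enforce the allowlist and the `ALLOW_AI_RAW_COMMANDS=false` boundary before touching the endpoint. Only three of the listed actions are implemented here, all as read-only handlers; the task shape, the `Evidence` record and the function names are assumptions.

```python
"""
Hypothetical allowlisted, read-only evidence collector for an endpoint agent.
Added example: not the project's code. Names (ALLOWED_ACTIONS, run_task, Evidence, ...)
are assumptions modelled on the README's action list and .env settings.
"""
import os
import socket
from dataclasses import dataclass
from typing import Any, Callable, Optional

# The README's evidence action names; anything not in this set is refused.
ALLOWED_ACTIONS = frozenset({
    "check_installed_package", "check_service", "check_port", "http_probe",
    "check_process", "check_file_exists", "check_file_version",
    "check_registry_key", "check_config_value",
})

# Constructed mirror of the .env switch; the agent never runs free-form commands.
ALLOW_AI_RAW_COMMANDS = False


@dataclass
class Evidence:
    task_id: str
    action: str
    ok: bool
    result: Any = None
    error: Optional[str] = None


def check_file_exists(params: dict) -> dict:
    path = params["path"]
    return {"path": path, "exists": os.path.isfile(path)}


def check_port(params: dict) -> dict:
    """Local TCP connect to see whether something is listening; no data is sent."""
    host = params.get("host", "127.0.0.1")
    port = int(params["port"])
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(1.0)
        listening = sock.connect_ex((host, port)) == 0
    return {"host": host, "port": port, "listening": listening}


def check_config_value(params: dict) -> dict:
    """Read one KEY=VALUE line from a config file without modifying it."""
    key = params["key"]
    with open(params["path"], encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            name, _, value = line.partition("=")
            if name.strip() == key:
                return {"key": key, "found": True, "value": value.strip()}
    return {"key": key, "found": False, "value": None}


# Only read-only handlers are wired up; the other allowlisted actions stay unimplemented here.
HANDLERS: dict[str, Callable[[dict], dict]] = {
    "check_file_exists": check_file_exists,
    "check_port": check_port,
    "check_config_value": check_config_value,
}


def validate_task(task: dict) -> Optional[str]:
    """Return a rejection reason, or None if the task is acceptable. Runs before any I/O."""
    action = task.get("action")
    if ("command" in task or action == "raw_command") and not ALLOW_AI_RAW_COMMANDS:
        return "raw commands are disabled (ALLOW_AI_RAW_COMMANDS=false)"
    if action not in ALLOWED_ACTIONS:
        return f"action {action!r} is not on the allowlist"
    if action not in HANDLERS:
        return f"action {action!r} is allowlisted but has no handler in this example"
    if not isinstance(task.get("params"), dict):
        return "params must be an object"
    return None


def run_task(task: dict) -> Evidence:
    """Validate, then dispatch to the read-only handler; never shells out."""
    task_id = str(task.get("task_id", "?"))
    action = str(task.get("action"))
    reason = validate_task(task)
    if reason:
        return Evidence(task_id, action, ok=False, error=reason)
    try:
        result = HANDLERS[action](task["params"])
    except (OSError, KeyError, ValueError) as exc:  # report the failure, keep the agent alive
        return Evidence(task_id, action, ok=False, error=f"{type(exc).__name__}: {exc}")
    return Evidence(task_id, action, ok=True, result=result)


if __name__ == "__main__":
    # Constructed sample tasks in the shape this example assumes the backend hands out.
    for t in [
        {"task_id": "1", "action": "check_file_exists", "params": {"path": "/etc/hosts"}},
        {"task_id": "2", "action": "raw_command", "command": "uname -a"},
        {"task_id": "3", "action": "check_port", "params": {"port": 8000}},
    ]:
        print(run_task(t))
```

Rejections are returned as evidence rather than raised, so the backend sees why a task was refused; the validation order matters, since the raw-command check runs before anything is looked up or opened.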
**Three-Endpoints CVE Testing Plan**
For the testing process on actual endpoints, refer to [docs/os-cve-test-playbook.md](docs/os-cve-test-playbook.md). This file provides safe, read-only CVE validation plans for macOS, Linux, and Windows. You can first seed the three draft plans into the local PoC database:
```bash
python3 scripts/seed_os_cve_test_plans.py
```
Then open `/plans`, approve the plans for the corresponding OS, and assign them to the corresponding Agents.