Security Bulletin
CVE-2022-27904
06/22/2022
Race-condition During Install Process
High (7.7)
Severity: High
CVE Score: 7.7
CVE Vector String: AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Description: Automox Agent for OSX before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process.
Affected Products:
- Automox Agent for OSX before version 39
Source: Reported by Anonymous
CVE-2022-24308
03/29/2022
Information Disclosure via Install Process
Medium (4.4)
Severity: Medium
CVE Score: 4.4
CVE Vector String: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description: Automox Agent prior to version 37 on Windows and Linux and version 36 on OSX could allow a non-privileged user to obtain sensitive information during the install process.
Affected Products:
- Automox Agent prior to version 37 (Windows and Linux)
- Automox Agent prior to version 36 (OSX)
Source: Reported by Mostafa Soliman
CVE-2021-43326
12/13/2021
Local Privilege Escalation in Automox Agent
High (7.8)
Severity: High
CVE Score: 7.8
CVE Vector String: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description: The Automox Agent prior to version 32 incorrectly sets permissions on a temporary directory while running in Windows environments.
Affected Products:
- Automox Agent prior to version 32 (Windows only)
Source: Reported by Greg Foss
CVE-2021-43325
12/13/2021
Local Privilege Escalation in Automox Agent
High (7.8)
Severity: High
CVE Score: 7.8
CVE Vector String: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description: The Automox Agent version 33 incorrectly sets permissions on a temporary directory while running in Windows environments.
Affected Products:
- Automox Agent version 33 (Windows only)
Source: Reported by Adam Nadrowski and Ryan Garbars - Automox Security
CVE-2021-26909
04/13/2021
Automox Agent Information Disclosure
Low (3.7)
Severity: Low
CVE Score: 3.7
CVE Vector String: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Description: The Automox Agent exposes an easily guessed endpoint in the Automox AWS infrastructure.
Affected Products:
- Automox agents prior to version 31
Source: Reported by Rapid7 researcher Danny Jordan
CVE-2021-26908
04/13/2021
Automox Agent Information Disclosure
Low (3.3)
Severity: Low
CVE Score: 3.3
CVE Vector String: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description: Automox Agent improperly logs sensitive information on the local endpoint.
Affected Products:
- Automox agents prior to version 31
Source: Reported by Rapid7 researcher Danny Jordan