Skip to main content

Automox

7 CVEs product

Monthly

CVE-2022-36122 HIGH This Week

The Automox Agent before 40 on Windows incorrectly sets permissions on key files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Automox
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27904 HIGH This Week

Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. Rated high severity (CVSS 7.0). No vendor patch available.

Apple Information Disclosure Automox
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-24308 MEDIUM This Month

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Automox
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-43326 HIGH POC This Week

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Automox
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-43325 HIGH This Week

Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Automox
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-26909 MEDIUM This Month

Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Automox
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-26908 LOW Monitor

Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Automox
NVD
CVSS 3.1
3.3
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH This Week

The Automox Agent before 40 on Windows incorrectly sets permissions on key files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Automox
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. Rated high severity (CVSS 7.0). No vendor patch available.

Apple Information Disclosure Automox
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Automox
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Automox
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Automox
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Automox
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Automox
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy