Automox
Monthly
The Automox Agent before 40 on Windows incorrectly sets permissions on key files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. Rated high severity (CVSS 7.0). No vendor patch available.
Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
The Automox Agent before 40 on Windows incorrectly sets permissions on key files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. Rated high severity (CVSS 7.0). No vendor patch available.
Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.