Automox Agent
by Automox
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43326 | 0.03 | — | 0.01 | Dec 15, 2021 | Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. | |||
| CVE-2022-36122 | 0.00 | — | 0.00 | Oct 21, 2022 | The Automox Agent before 40 on Windows incorrectly sets permissions on key files. | |||
| CVE-2022-27904 | 0.00 | — | 0.00 | Jun 30, 2022 | Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. | |||
| CVE-2022-24308 | 0.00 | — | 0.00 | Apr 13, 2022 | Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. | |||
| CVE-2021-43325 | 0.00 | — | 0.00 | Dec 15, 2021 | Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. | |||
| CVE-2021-26909 | 0.00 | — | 0.01 | Apr 23, 2021 | Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | |||
| CVE-2021-26908 | 0.00 | — | 0.00 | Apr 23, 2021 | Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. |
- CVE-2021-43326Dec 15, 2021risk 0.03cvss —epss 0.01
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
- CVE-2022-36122Oct 21, 2022risk 0.00cvss —epss 0.00
The Automox Agent before 40 on Windows incorrectly sets permissions on key files.
- CVE-2022-27904Jun 30, 2022risk 0.00cvss —epss 0.00
Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process.
- CVE-2022-24308Apr 13, 2022risk 0.00cvss —epss 0.00
Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process.
- CVE-2021-43325Dec 15, 2021risk 0.00cvss —epss 0.00
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.
- CVE-2021-26909Apr 23, 2021risk 0.00cvss —epss 0.01
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.
- CVE-2021-26908Apr 23, 2021risk 0.00cvss —epss 0.00
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.