PT-2021-17166 · Automox · Automox Agent

Danny Jordan

Published

2021-04-23

Updated

2021-05-05

CVE-2021-26908

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Automox Agent versions prior to 31

Description: The issue concerns the logging of potentially sensitive information in local log files by the Automox Agent, which could be exploited by a locally-authenticated attacker to compromise an organization's security. The problem has been resolved in version 31 of the Automox Agent.

Recommendations: For versions prior to 31, update to version 31 or later to resolve the issue.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2021-26908

Affected Products

Automox Agent

PT-2021-17166 · Automox · Automox Agent

CVE-2021-26908

Weakness Enumeration

Related Identifiers

Affected Products

References · 4