PT-2021-17167 · Automox · Automox Agent

Danny Jordan

Published

2021-04-23

Updated

2022-04-26

CVE-2021-26909

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Automox Agent versions prior to 31

Description: The issue concerns an insufficiently protected S3 bucket endpoint used for storing sensitive files. This could potentially be brute-forced by an attacker, allowing them to subvert an organization's security program.

Recommendations: For Automox Agent versions prior to 31, update to version 31 to resolve the issue.

Fix

Improper Access Control

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-330

Related Identifiers

CVE-2021-26909

Affected Products

Automox Agent

PT-2021-17167 · Automox · Automox Agent

CVE-2021-26909

Weakness Enumeration

Related Identifiers

Affected Products

References · 4