PT-2022-18679 · Automox · Automox Agent For Macos
Published: 2022-06-30 · Updated: 2023-02-09
CVE-2022-27904
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Automox Agent for macOS versions prior to 39
Automox Agent for macOS versions prior to 37
Description
The issue is a time-of-check/time-of-use (TOCTOU) race condition that can occur during the agent install process. It also involves incorrect access control on a file used within the PostInstall script, allowing an unprivileged user to obtain root access.
Recommendations
For versions prior to 37, update to version 37 or later to resolve the issue.
For versions prior to 39, update to version 39 or later to resolve the issue.
Fix
Time Of Check To Time Of Use
Weakness Enumeration
Related Identifiers
Affected Products
Automox Agent For Macos