CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)

Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS, each of which could disclose information about the Automox infrastructure. CVE-2021-26908 describes a vulnerability in which Automox Agent improperly logs sensitive information on the local endpoint; it has a CVSS score of 3.3 (Low). CVE-2021-26909 describes a vulnerability that exposes an easily guessed endpoint in the Automox AWS infrastructure; it has a CVSS score of 3.7 (Low). Both issues have been fixed by the vendor.


Product description


Automox provides programmatic solutions for the bulk management of remote endpoints, through its flagship product, the Automox Agent. More about Automox Agent and how it can help reduce attack surface can be found at the vendor's website.


Credit


These issues were discovered by cybersecurity researcher Danny Jordan, and they are being disclosed in accordance with Rapid7's vulnerability disclosure policy.


Exploitation


For CVE-2021-26908, an attacker would first need to be an authenticated user of an endpoint being managed by Automox Agent. That person could read the local log files to discover the command-line arguments Automox Agent used in the past to install endpoint security solutions, which can include sensitive information such as site-specific tokens being passed as command line arguments. These tokens, in turn, ..
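As an added example that is not code from Rapid7 or Automox, the Python below shows the defect class behind CVE-2021-26908 from both sides: a wrapper that masks secret-bearing command-line arguments before the installer command line is written to a log, and a check that scans existing log lines for token values that were passed on the command line. The advisory does not show the Agent's actual log format or the argument names it used, so the flag names (`--site-token`, `--api-key`, and so on) and the sample log lines are assumptions constructed for the example.

```python
import re
from typing import Iterable, List

# Flags whose values are secrets. These names are assumptions for the
# example; the advisory does not list the arguments Automox Agent logged.
SENSITIVE_FLAGS = {"--token", "--site-token", "--api-key", "--password", "-p"}

def redact_argv(argv: List[str], mask: str = "[REDACTED]") -> List[str]:
    """Return a copy of argv with secret values masked.

    Handles both '--flag value' and '--flag=value' forms. This is what a
    logging call should receive instead of the raw argument list.
    """
    out: List[str] = []
    skip_next = False
    for arg in argv:
        if skip_next:                      # value following a sensitive flag
            out.append(mask)
            skip_next = False
            continue
        name, sep, _value = arg.partition("=")
        if name in SENSITIVE_FLAGS:
            if sep:                        # --flag=value form
                out.append(f"{name}={mask}")
            else:                          # --flag value form
                out.append(arg)
                skip_next = True
        else:
            out.append(arg)
    return out

# Matches a sensitive flag followed by '=' or whitespace and captures the value.
TOKEN_PATTERN = re.compile(r"(?:--site-token|--token|--api-key)(?:=|\s+)(\S+)")

def find_leaked_tokens(lines: Iterable[str]) -> List[str]:
    """Return every token value found on the given log lines.

    Run over an endpoint's local logs, this is the check that would have
    surfaced the disclosure: any non-empty result is a secret at rest in a
    file readable by a local user.
    """
    leaked: List[str] = []
    for line in lines:
        leaked.extend(TOKEN_PATTERN.findall(line))
    return leaked

# Constructed sample log lines (not real Automox Agent output).
SAMPLE_LOG = """\
2021-01-15T10:02:11Z INFO executing installer: C:\\Temp\\edr-setup.exe --site-token 0123456789abcdef --silent
2021-01-15T10:02:19Z INFO executing installer: /usr/local/bin/av-install --api-key=ak_deadbeefcafe --quiet
2021-01-15T10:03:00Z INFO agent heartbeat ok
"""

if __name__ == "__main__":
    print("leaked:", find_leaked_tokens(SAMPLE_LOG.splitlines()))
    raw = ["edr-setup.exe", "--site-token", "0123456789abcdef", "--silent"]
    print("logged as:", " ".join(redact_argv(raw)))
```

The redaction runs on the argument list, not on the rendered string, so it cannot be defeated by quoting or spacing differences in the command line; the scanner is deliberately looser (regex over free text) because it has to work on whatever the logger already wrote.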
