Lucene search

Rapid7CVELIST:CVE-2021-26908

HistoryApr 23, 2021 - 3:35 p.m.

CVE-2021-26908 Automox Agent Sensitive Log Information Disclosure

2021-04-2315:35:20

CWE-532

rapid7

www.cve.org

automox agent

sensitive information

disclosure

security program

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization’s security program. The issue has since been fixed in version 31 of the Automox Agent.

CNA Affected

[
  {
    "product": "Automox Agent",
    "vendor": "Automox",
    "versions": [
      {
        "lessThan": "30",
        "status": "affected",
        "version": "30",
        "versionType": "custom"
      }
    ]
  }
]

References

community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955

www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-26908