Lucene search

Rapid7CVELIST:CVE-2021-26909

HistoryApr 13, 2021 - 12:00 a.m.

CVE-2021-26909 Automox Agent Guessable S3 Bucket Endpoint

2021-04-1300:00:00

CWE-284

rapid7

www.cve.org

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization’s security program. The issue has since been fixed in version 31 of the Automox Agent.

CNA Affected

[
  {
    "product": "Automox Agent",
    "vendor": "Automox",
    "versions": [
      {
        "lessThan": "30",
        "status": "affected",
        "version": "30",
        "versionType": "custom"
      }
    ]
  }
]

References

community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955

www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

Related for CVELIST:CVE-2021-26909