Automox Security Vulnerabilities

CVE-2022-27904

Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install...

CVE-2022-36122

The Automox Agent before 40 on Windows incorrectly sets permissions on key...

CVE-2022-24308

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install...

CVE-2021-43326

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary...

CVE-2021-43325

Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326...

CVE-2021-26908

Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox...

CVE-2021-26909

Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox...