CVE-2021-26909

EPSS 0.73%
Veröffentlicht 23.04.2021 16:15:08
Zuletzt bearbeitet 21.11.2024 05:57:01
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

Automox Agent Guessable S3 Bucket Endpoint

Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Automox ≫ Automox Version < 31

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.73%	0.492

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
cve@rapid7.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955

Vendor Advisory

https://www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-26909

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26909

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26909

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-26909