Vulnerability Details CVE-2021-26908
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.9%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 2.1
References
- https://community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955
- https://www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/
- https://community.automox.com/t/cve-2021-26908-and-cve-201-26909-automox-agent-information-disclosure-vulnerabilities-fixed/1955
- https://www.rapid7.com/blog/post/2021/04/13/cve-2021-26908-and-cve-2021-26909-automox-agent-information-disclosure-fixed/