CVE-2021-43325 - OpenCVE

Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Automox	Automox

Configuration 1 [-]

AND

cpe:2.3:a:automox:automox:33:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636	Vendor Advisory
https://support.automox.com/help/release-notes	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-15T06:14:23

Updated: 2021-12-15T06:14:23

Reserved: 2021-11-03T00:00:00

Link: CVE-2021-43325

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-15T07:15:07.497

Modified: 2021-12-17T19:20:48.467

Link: CVE-2021-43325

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-15T06:14:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.automox.com/help/release-notes"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-43325", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.automox.com/help/release-notes", "refsource": "MISC", "url": "https://support.automox.com/help/release-notes"}, {"name": "https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636", "refsource": "CONFIRM", "url": "https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43325", "datePublished": "2021-12-15T06:14:23", "dateReserved": "2021-11-03T00:00:00", "dateUpdated": "2021-12-15T06:14:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:automox:automox:33:*:*:*:*:*:*:*", "matchCriteriaId": "D0DAA3C9-3B25-464F-AD6B-A55509E79B8D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression."}, {"lang": "es", "value": "Automox Agent versi\u00f3n 33 en Windows establece incorrectamente los permisos en un directorio temporal. NOTA: este problema se presenta debido a una regresi\u00f3n CVE-2021-43326"}], "id": "CVE-2021-43325", "lastModified": "2021-12-17T19:20:48.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-15T07:15:07.497", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.automox.com/help/release-notes"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}