secuvera-SA-2025-01: Privilege Escalation in Automic Automation Agent Unix  – Full Disclosure

Posted by Flo Schäfer via Fulldisclosure on May 16

secuvera-SA-2025-01: Privilege Escalation

Affected Products
Automic Automation Agent Unix <24.3.0 HF4, <21.0.13 HF1

References
secuvera-SA-2025-01
CVE not assigned yet
CWE-426: Untrusted Search Path
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Summary:
An agent configured to run in privileged mode using the SetUID-Bit can be used to escalate privileges, by supplying
an ini file with the…
 – Read More  – Full Disclosure