Automox Windows Agent Privilege Escalation Exploit
Lacework Labs Blog Post https://www.lacework.com/blog/cve-2021-43326/
Automox Community Post https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636
CVE-2021-43326 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-43326
Modify exploit.ps1 with the desired commands you would like to run as SYSTEM and then run the exploit.ps1 script and wait for the agent polling process to take place. This should happen every hour.
.\exploit.ps1To manually trigger the agent polling and force automox to query the local system, modify the getOS.sh script with your organization's parameters and run the script to trigger agent polling.
chmod +x getOS.sh; ./getOS.shAutomox has patched this vulnerability - only versions 31 - 33 are susceptible to this attack. This code is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.
greg.foss[at]owasp.org