An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges
The vulnerability classified as CWE-280 (Improper Handling of Insufficient Permissions or Privileges) involves improper handling of permissions by the application. An attacker with an account having a low privilege level can, through the network (without physical access), trigger a privilege escalation mechanism without interaction from another user. The attack vector indicates a change in privilege context beyond the scope of the application itself (Scope: Changed), which may indicate impact on the operating system or other environment components.
An attacker can gain high privileges in the system, leading to complete loss of confidentiality, integrity, and availability of resources — potentially with the possibility of taking control of the host system or other infrastructure components.
Patches available from the manufacturer should be applied according to the references. It is recommended to contact the manufacturer (automai.com) to obtain information about available updates. Until the patch is implemented, consider restricting network access to the application and applying the principle of least privilege for user accounts.
Automai Director version 25.2.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HAutomai Director
APPAutomai25.2.0
Related vulnerabilities
An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive inf...
An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechan...
RCE w Automai BotManager poprzez komponent BotManager.exe