CVE-2021-43326

HIGH

Automox Agent <32 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-43326. PoCs published by Greg Foss, gfoss.

AI-analyzed exploit summary This PowerShell script exploits a local privilege escalation vulnerability in Automox Agent versions 31-33 by monitoring and modifying executable PowerShell scripts in the agent's directory. It injects a payload to execute arbitrary commands with elevated privileges.

Description

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.

Exploits (2)

exploitdb WORKING POC

by Greg Foss · powershelllocalwindows

https://www.exploit-db.com/exploits/50642

View Code ZIP pw:eip

This PowerShell script exploits a local privilege escalation vulnerability in Automox Agent versions 31-33 by monitoring and modifying executable PowerShell scripts in the agent's directory. It injects a payload to execute arbitrary commands with elevated privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Automox Agent versions 31, 32, 33

No auth needed

Prerequisites: Local access to the target system · Automox Agent versions 31-33 installed

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by gfoss · poc

https://github.com/gfoss/CVE-2021-43326_Exploit

View Code ZIP pw:eip

This exploit leverages a privilege escalation vulnerability in Automox Windows Agent versions 31-33 by injecting a payload into a PowerShell script executed by the agent. The exploit monitors for agent activity and modifies the script to execute arbitrary commands as SYSTEM.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Automox Windows Agent versions 31, 32, 33

No auth needed

Prerequisites: Automox Windows Agent versions 31-33 installed · Local access to the target system

MITRE ATT&CK

T1059.001 - PowerShell T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://support.automox.com/help/release-notes

Vendor Advisory x_refsource_confirm

https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/165449/Automox-Agent-32-Local-Privilege-Escalation.html

Scores

CVSS v3 7.8

EPSS 0.0123

EPSS Percentile 65.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (1)

automox/automox < 32

Published Dec 15, 2021

Tracked Since Feb 18, 2026