Description
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.

This issue affects Automic Automation: < 24.4.4 HF1.
Published: 2026-05-19
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Automic Automation Agent on Unix platforms can execute target programs with privileges that are not required, giving an attacker the ability to raise their privileges to match the agent’s elevated status. This flaw is a classic instance of CWE‑250, where the system runs code with unnecessary privileges. If exploited, an attacker could access or modify sensitive data and compromise the integrity of the system by gaining elevated rights.

Affected Systems

The vulnerability impacts Broadcom Automic Automation Agents on AIX, Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), Solaris x64, and Solaris Sparc 64. All installations with a version lower than 24.4.4 HF1 are known to be affected.

Risk and Exploitability

The CVSS base score of 8.5 indicates a high severity level. The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. While the official description does not specify an attack vector, the nature of the flaw suggests local exploitation or remote exploitation through the agent’s communication channels if they are exposed. Attack conditions therefore likely include the ability to interact with the agent process or its configuration files, and the vulnerability can lead to total privilege escalation on the affected host.

Generated by OpenCVE AI on May 19, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Automic Automation Agent to version 24.4.4 HF1 or later
  • Run the agent with the minimal privileges required by the product documentation
  • If an upgrade is not immediately possible, remove unnecessary group or user permissions from the agent binary and its supporting directories
  • Monitor system logs for abnormal privilege use and apply additional hardening as advised by Broadcom

Generated by OpenCVE AI on May 19, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 19 May 2026 19:15:00 +0000

Type Values Removed Values Added
Description Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This issue affects Automic Automation: < 24.4.4 HF1.
Title Automic Automation Agent Unix privilege escalation
First Time appeared Broadcom
Broadcom automic Automation
Weaknesses CWE-250
CPEs cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:aix:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_be:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_le:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_x64:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_sparc_64:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_x64:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:zlinux_zseries_:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:26.0.0:*:aix:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_be:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_le:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_x64:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_sparc_64:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_x64:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:26.0.0:*:zlinux_zseries_:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:aix:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_be:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_le:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_x64:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_sparc_64:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_x64:*:*:*:*:*
cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:zlinux_zseries_:*:*:*:*:*
Vendors & Products Broadcom
Broadcom automic Automation
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}

Subscriptions

Broadcom Automic Automation
cve-icon MITRE

Status: PUBLISHED

Assigner: ca

Published:

Updated: 2026-05-19T19:30:57.145Z

Reserved: 2026-05-11T23:42:14.037Z

Link: CVE-2026-8370

cve-icon Vulnrichment

Updated: 2026-05-19T19:30:53.482Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-19T19:16:51.903

Modified: 2026-05-19T21:01:06.970

Link: CVE-2026-8370

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T10:39:05Z

Weaknesses