An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component
A vulnerability classified as CWE-295 (improper certificate verification) is present in the BotManager.exe component of the Automai BotManager application. Improper certificate validation can allow an attacker to conduct a man-in-the-middle attack or substitute a malicious endpoint, which consequently leads to arbitrary code execution. The vulnerability is remotely exploitable, without authentication and without user interaction.
An attacker can remotely execute arbitrary code on the victim's system, leading to complete loss of system control, data breaches, and service disruption.
Patches available from the vendor should be applied according to references. It is recommended to monitor official communications on https://www.automai.com/ and apply updates immediately upon release. Until a patch is available, network access to the BotManager.exe component should be restricted to trusted hosts only.
Automai BotManager version 25.2.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAutomai Botmanager
APPAutomai25.2.0
Related vulnerabilities
Privilege escalation w Automai Director v.25.2.0
An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive inf...
An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechan...