
CVE-2024-4746: Automation Anywhere Control Room Exploit Chain — Detection and Hardening

Security Arsenal Team
May 30, 2026

Introduction

Security researchers have uncovered a critical vulnerability chain in Automation Anywhere's Control Room that highlights the systemic risk of over-permissioned roles and non-human identities in cloud environments. By exploiting a path traversal vulnerability (CVE-2024-4746) and leveraging default excessive permissions assigned to service accounts, attackers can bypass standard access controls to dump the Credential Vault. This allows for the theft of bot credentials (non-human identities), which are frequently used to automate interactions with cloud infrastructure (AWS, Azure, Salesforce).

For defenders, this is not just a software bug; it is a failure of Identity and Access Management (IAM) governance. If your organization uses Automation Anywhere v11 or Automation 360, you are at immediate risk of supply-chain style propagation where a compromised automation account serves as a beachhead into your broader cloud environment.

Technical Analysis

Affected Products

  • Automation Anywhere Control Room: Versions prior to specific security patches (see Remediation).
  • Platform: Windows Server environments hosting the Control Room.

CVE Identifiers

  • CVE-2024-4746: Path Traversal in the Control Room API allowing unauthorized file access.
  • CVE-2024-4747: Improper Access Control allowing privilege escalation within the application logic.
  • CVE-2024-4748: Information Disclosure exposing sensitive configuration details.

Attack Mechanics

  1. Initial Access: An attacker requires basic authenticated access to the Control Room (e.g., a low-privilege "Bot Runner" or standard user account). In some configurations, anonymous access to specific API endpoints might be possible if misconfigured.
  2. Path Traversal (CVE-2024-4746): The attacker sends crafted API requests to the web server component. Because the application does not adequately validate path traversal sequences (e.g., ../) in the request, it reads files outside the intended web root.
  3. Secrets Discovery: The attacker targets the Credential Vault configuration files and database exports. Because the service runs with high privileges (often SYSTEM or a local admin), the underlying OS permits the read operation initiated by the application thread.
  4. Non-Human Identity Theft: The attacker extracts encrypted or plaintext credentials used by "Bots" (non-human identities).
  5. Cloud Compromise: These Bot credentials are typically used to access S3 buckets, databases, or APIs. Since these identities are often over-permissioned to avoid workflow breakage, the attacker gains significant lateral movement capabilities within the cloud tenant.

Exploitation Status

Proof-of-concept (PoC) code has been released by researchers (Orca Security). While no widespread mass exploitation has been observed in the wild yet, the barrier to entry is low, and the value of the target (automation credentials) is high.

Detection & Response

Sigma Rules

---
title: Automation Anywhere Control Room Process Anomaly
id: 8a4b2c19-7d3e-4f1a-9b0c-3d5e6f7a8b9c
status: experimental
description: Detects the Automation Anywhere Java process spawning suspicious child processes (cmd, powershell), indicative of post-exploitation activity.
references:
  - https://www.darkreading.com/vulnerabilities-threats/complex-cloud-integrations-small-errors-compromises
author: Security Arsenal
date: 2025/03/20
tags:
  - attack.execution
  - attack.t1059
logsource:
  category: process_creation
  product: windows
detection:
  # Both parent conditions must hold (a Java binary AND an Automation Anywhere path).
  # A YAML mapping cannot repeat the key 'ParentImage|contains', so the two are kept in
  # separate selections and joined by the condition.
  selection_java_parent:
    ParentImage|contains:
      - '\Java\'
      - '\jre\'
  selection_aa_parent:
    ParentImage|contains:
      - 'Automation Anywhere'
      - 'AA-'
  selection_shell_child:
    Image|endswith:
      - '\cmd.exe'
      - '\powershell.exe'
      - '\pwsh.exe'
  condition: all of selection_*
falsepositives:
  - Legitimate administrative scripts running via the automation engine (rare)
level: high
---
title: Automation Anywhere Credential Vault File Access
id: 9b5c3d20-8e4f-502b-0c1d-4e6f7a8b9c0d  # constructed placeholder (original value was not valid hex); generate a fresh UUID before deployment
status: experimental
description: Detects access to the Automation Anywhere Credential Vault or sensitive configuration directories by processes other than the main service.
references:
  - https://www.darkreading.com/vulnerabilities-threats/complex-cloud-integrations-small-errors-compromises
author: Security Arsenal
date: 2025/03/20
tags:
  - attack.credential_access
  - attack.t1003
logsource:
  category: file_access
  product: windows
detection:
  selection:
    TargetFilename|contains:
      - '\Automation Anywhere\Automation 360\config\'
      - '\Automation Anywhere\Automation Anywhere\My Documents\'
      - '\Automation 360\repository\'
  filter:
    Image|contains:
      - 'AAServer.exe'
      - 'AAWebService.exe'
      - 'Java'
  condition: selection and not filter
falsepositives:
  - Backup software scanning the directory
  - Authorized administrator inspection
level: medium
---
title: Cloud Metadata Access from Automation Host
id: 0c6d4e31-9f50-6130-1d2e-5f7a8b9c0d1e  # constructed placeholder (original value was not valid hex); generate a fresh UUID before deployment
status: experimental
description: Detects the Automation Anywhere server or service account accessing cloud metadata services (IMDS), a common move after stealing bot credentials.
references:
  - https://www.darkreading.com/vulnerabilities-threats/complex-cloud-integrations-small-errors-compromises
author: Security Arsenal
date: 2025/03/20
tags:
  - attack.credential_access
  - attack.t1552.005
logsource:
  category: network_connection
  product: windows
detection:
  selection:
    DestinationIp:
      - '169.254.169.254'
    Image|contains:
      - 'curl'
      - 'wget'
      - 'java'
      - 'powershell'
  filter:
    User|contains:
      - 'LOCAL SERVICE'
      - 'NETWORK SERVICE'
  condition: selection and not filter
falsepositives:
  - Legitimate cloud-based automation tasks retrieving instance metadata
level: high
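The first Sigma rule above, expressed as a function and run over constructed Sysmon EventID 1 records. This is an added example, not part of the advisory; it makes the intended semantics explicit: both parent conditions (a Java binary AND an Automation Anywhere install path) must hold, and the child must be one of the listed shells. File paths are illustrative.

```python
# Added example: the Control Room process-anomaly rule as executable logic over sample events.
from typing import Dict, List

JAVA_MARKERS = ("\\java\\", "\\jre\\")                          # ParentImage|contains
AA_MARKERS = ("automation anywhere", "aa-")                    # ParentImage|contains
SHELL_CHILDREN = ("\\cmd.exe", "\\powershell.exe", "\\pwsh.exe")  # Image|endswith


def matches_aa_shell_spawn(event: Dict[str, str]) -> bool:
    """Sigma 'contains'/'endswith' modifiers are case-insensitive, so compare lowercased."""
    parent = event.get("ParentImage", "").lower()
    image = event.get("Image", "").lower()
    java_parent = any(m in parent for m in JAVA_MARKERS)
    aa_parent = any(m in parent for m in AA_MARKERS)
    shell_child = image.endswith(SHELL_CHILDREN)
    return java_parent and aa_parent and shell_child


def hunt(events: List[Dict[str, str]]) -> List[int]:
    """Return the ids of events that would fire the rule."""
    return [e["Id"] for e in events if matches_aa_shell_spawn(e)]


# Constructed sample events (paths are illustrative, not taken from a real host)
AA_JRE = r"C:\Program Files\Automation Anywhere\Automation 360\jre\bin\java.exe"
SAMPLE_EVENTS = [
    # 1: AA-bundled Java launching cmd.exe -> should fire
    {"Id": 1, "ParentImage": AA_JRE, "Image": r"C:\Windows\System32\cmd.exe"},
    # 2: AA-bundled Java launching a non-shell child -> no match
    {"Id": 2, "ParentImage": AA_JRE,
     "Image": r"C:\Program Files\Automation Anywhere\Automation 360\AAServer.exe"},
    # 3: an unrelated Java install spawning PowerShell -> no match (AA condition fails)
    {"Id": 3, "ParentImage": r"C:\Program Files\Java\jre-17\bin\java.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # 4: interactive shell from Explorer -> no match
    {"Id": 4, "ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    print("Firing event ids:", hunt(SAMPLE_EVENTS))
```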

KQL (Microsoft Sentinel)

// Hunt for suspicious process spawning by the Automation Anywhere Java service.
// In the advanced hunting schema the parent is described by the InitiatingProcess* columns;
// DeviceProcessEvents has no ParentProcessName or ProcessName column.
DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFolderPath contains @"Automation Anywhere" and InitiatingProcessFileName endswith ".exe"
| where FileName in~ ("cmd.exe", "powershell.exe", "pwsh.exe", "bash.exe", "wscript.exe", "cscript.exe")
| project Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine, InitiatingProcessFileName, InitiatingProcessFolderPath, InitiatingProcessCommandLine
| order by Timestamp desc

// Hunt for access to Credential Vault directories.
// Note: DeviceFileEvents records create/modify/rename/delete actions; plain reads are not
// collected in this table, so pair this hunt with the file_access Sigma rule above for read coverage.
DeviceFileEvents
| where Timestamp > ago(7d)
| where FolderPath contains @"Automation Anywhere"
| where FolderPath contains @"config" or FolderPath contains @"repository"
| where ActionType in~ ("FileCreated", "FileModified", "FileRenamed", "FileDeleted")
| where InitiatingProcessFileName !in~ ("AAServer.exe", "AAWebService.exe", "java.exe")
| project Timestamp, DeviceName, InitiatingProcessAccountName, InitiatingProcessFileName, FolderPath, FileName, ActionType
| order by Timestamp desc

Velociraptor VQL

-- Hunt for Automation Anywhere service processes and list their child processes
-- (pslist() exposes the parent as Ppid; there is no Parent.Pid column)
LET aa_procs = SELECT Pid AS ParentPid, Name AS ParentName
  FROM pslist()
  WHERE Name =~ "^(AAServer|AAWebService)"

SELECT * FROM foreach(row=aa_procs, query={
  SELECT ParentPid, ParentName, Pid, Name, CommandLine, Exe, Username
  FROM pslist()
  WHERE Ppid = ParentPid
})

-- Hunt for Credential Vault configuration files accessed recently.
-- The glob assumes the default install root; adjust it to the InstallLocation found in the registry.
-- Atime is only meaningful if NTFS last-access updates are enabled on the host.
SELECT OSPath, Mtime, Atime, Size, Mode
FROM glob(globs="C:/Program Files/Automation Anywhere/**/config/*.config")
WHERE Atime > now() - 3600  -- Accessed within the last hour

Remediation Script (PowerShell)

# Check Automation Anywhere Version for Vulnerability
# Usage: Run as Administrator on the Control Room server

$RegPath = "HKLM:\SOFTWARE\Wow6432Node\Automation Anywhere\Automation 360"
$InstallPath = (Get-ItemProperty -Path $RegPath -ErrorAction SilentlyContinue).InstallLocation

if ($InstallPath) {
    Write-Host "[+] Installation Path Found: $InstallPath"

    # Check specific DLL or Exe version for patch validation (Placeholder logic)
    $TargetFile = Join-Path $InstallPath "AAServer.exe"
    if (Test-Path $TargetFile) {
        $FileVersion = (Get-Item $TargetFile).VersionInfo.FileVersion
        Write-Host "[+] Current Version: $FileVersion"

        # Note: Replace with the specific patched build number from the vendor advisory.
        # Compare as [version] objects: a plain string comparison would rank "9.0.0.0" above "13.0.0.0".
        $SafeVersion = [version]"13.0.0.0"
        try {
            $Parsed = [version]($FileVersion -replace '[^\d.].*$', '')   # strip any trailing build label
            if ($Parsed -lt $SafeVersion) {
                Write-Host "[!] ALERT: Version is vulnerable. Please apply the latest hotfix from Automation Anywhere support." -ForegroundColor Red
            } else {
                Write-Host "[*] Version appears patched." -ForegroundColor Green
            }
        } catch {
            Write-Host "[?] Could not parse version string '$FileVersion'; verify manually against the advisory." -ForegroundColor Yellow
        }
    } else {
        Write-Host "[-] $TargetFile not found; verify the Control Room binary location manually." -ForegroundColor Yellow
    }

    # Audit ACLs on Credential Vault Directory
    $VaultPath = Join-Path $InstallPath "config"
    if (Test-Path $VaultPath) {
        Write-Host "[+] Auditing permissions on: $VaultPath"
        $Acl = Get-Acl -Path $VaultPath
        $Acl | Format-List Owner, AccessToString

        # Flag ACEs that grant write/modify rights to broad principals: these let a
        # low-privileged local account tamper with vault configuration regardless of
        # the application's own access checks.
        $Broad = $Acl.Access | Where-Object {
            $_.IdentityReference -match 'Everyone|Authenticated Users|\\Users$' -and
            $_.FileSystemRights -match 'Write|Modify|FullControl'
        }
        if ($Broad) {
            Write-Host "[!] Over-permissive ACEs found on the vault directory:" -ForegroundColor Red
            $Broad | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
        }
    } else {
        Write-Host "[-] Vault path not found."
    }
} else {
    Write-Host "[-] Automation Anywhere registry path not found." -ForegroundColor Yellow
}

Remediation

  1. Patch Immediately: Apply the latest security patches provided by Automation Anywhere. Ensure your build includes the fixes for CVE-2024-4746, CVE-2024-4747, and CVE-2024-4748. Check the official advisory for the specific minimum build number for your version (v11 or A360).
  2. Review Non-Human Identities: Conduct an audit of all Bot Runner credentials. Ensure they follow the principle of least privilege (PoLP). If a bot only needs to read from an S3 bucket, remove write permissions.
  3. Restrict API Access: Configure Web Application Firewalls (WAF) or API gateways in front of the Control Room to block path traversal attempts (e.g., block requests containing ../ or encoded variants %2e%2e/).
  4. Network Segmentation: Ensure the Automation Anywhere server cannot initiate arbitrary outbound connections to the internet or cloud metadata IP addresses (169.254.169.254) unless explicitly required.
  5. Official Advisory: Refer to the Automation Anywhere Trust Center for the detailed security bulletin and patch download links.
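A request-path filter of the kind remediation step 3 describes, for a proxy or gateway placed in front of the Control Room API, covering the traversal sequences named under Attack Mechanics (../ and its encoded variants such as %2e%2e/). This is an added example, not the advisory's or the vendor's code; the web root, the decode-round limit and the sample requests are constructed assumptions. It percent-decodes repeatedly (bounded, to catch double-encoded forms), treats backslashes as separators, rejects any '..' segment, and as a second layer resolves the path under the web root and confirms it stays inside.

```python
# Added example: path-traversal rejection plus web-root containment for API requests.
import posixpath
from typing import Optional
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: guard against up to triple percent-encoding


def canonical_path(raw: str) -> str:
    """Drop the query string, decode nested percent-encoding, unify separators."""
    path = raw.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(raw: str) -> bool:
    """True when any path segment is exactly '..' after canonicalisation."""
    return ".." in canonical_path(raw).split("/")


def resolve_under_root(web_root: str, raw: str) -> Optional[str]:
    """Return the absolute target path, or None if the request must be rejected."""
    if is_traversal(raw):
        return None
    root = posixpath.normpath(web_root)
    target = posixpath.normpath(posixpath.join(root, canonical_path(raw).lstrip("/")))
    # Second layer: even a path that passed the segment check must stay under the root
    if target != root and not target.startswith(root + "/"):
        return None
    return target


# Constructed requests against a hypothetical web root (value -> is it a traversal attempt)
WEB_ROOT = "/srv/controlroom/webroot"
SAMPLES = {
    "/api/v1/files/report.csv": False,
    "/api/v1/files/../../config/secrets.cfg": True,          # plain traversal
    "/api/v1/files/%2e%2e/%2e%2e/config/secrets.cfg": True,  # percent-encoded dots
    "/api/v1/files/%252e%252e/config": True,                 # double-encoded
    "/api/v1/files/..%5c..%5cconfig": True,                  # encoded backslashes
    "/api/v1/files/..report.csv": False,                     # '..' inside a name is legitimate
}

if __name__ == "__main__":
    for req, expected in SAMPLES.items():
        verdict = "REJECT" if is_traversal(req) else "allow"
        print(f"{verdict:6} {req}  (expected traversal={expected})")
```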
