An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration
oryginał ENCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HBmc Patrol Agent
APPBmc≤ 11.3.01
Powiązane podatności
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and...
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user crede...
BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -ho...
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID b...
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary...