CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-34257

CVSS 9.8v3.1pub. 2023-05-31upd. 2025-01-10

An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bmc Patrol Agent

    APP
    Bmc
    ≤ 23.1.00
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2019-8352CRITICAL9.8ten sam produkt

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user crede...

CVE-2020-35593HIGH7.8ten sam produkt

BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -ho...

CVE-2019-17044HIGH7.8ten sam produkt

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary...

CVE-2019-17043HIGH7.8ten sam produkt

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID b...

CVE-2018-20735HIGH7.8ten sam produkt

An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can a...