PT-2023-24780 · Bmc · Bmc Patrol
Guillaume Quéré
·
Publicado
2023-05-31
·
Atualizado
2025-01-08
·
CVE-2023-34258
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
BMC Patrol versions prior to 22.1.00
Description
An issue was discovered where the agent's configuration can be remotely queried, containing the Patrol account password encrypted with a default AES key. This account can then be used to achieve remote code execution.
Recommendations
For versions prior to 22.1.00, update to version 22.1.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the agent's configuration to minimize the risk of exploitation.
Exploit
Correção
Missing Encryption of Sensitive Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bmc Patrol