CVE-2018-20735

Name of the Vulnerable Software and Affected Versions: BMC PATROL Agent versions through 11.3.01

Description: An issue in the BMC PATROL Agent allows for lateral movement and escalation of privilege inside a Windows Active Directory environment. The PatrolCli application only verifies if the provided password for a given username is correct, but it does not verify the permissions of the user on the network. This enables a low-privileged domain user to authenticate with PatrolCli and then connect to a domain controller, running commands as SYSTEM. As a result, any user on a domain can potentially escalate to domain admin through the PATROL Agent.

Recommendations: For versions through 11.3.01, consider implementing a custom, non-default configuration to prevent this escalation, as suggested by the vendor, although this may not be considered adequate by all parties. At the moment, there is no information about a newer version that contains a fix for this vulnerability.