CVE-2023-34257

Name of the Vulnerable Software and Affected Versions BMC Patrol versions through 23.1.00

Description An issue was discovered where the agent's configuration can be remotely modified, and by default, authentication is not required. Some configuration fields related to SNMP, such as masterAgentName or masterAgentStartLine, result in code execution when the agent is restarted.

Recommendations For BMC Patrol versions through 23.1.00, consider implementing authentication to prevent remote modification of the agent's configuration as a mitigation measure. Restrict access to configuration fields related to SNMP to minimize the risk of exploitation.