Lucene search

[email protected]CVE-2023-34258

HistoryMay 31, 2023 - 8:15 p.m.

CVE-2023-34258

2023-05-3120:15:10

CWE-311

[email protected]

web.nvd.nist.gov

bmc patrol

cve-2023-34258

security

remote code execution

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

An issue was discovered in BMC Patrol before 22.1.00. The agent’s configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution.

Affected configurations

NVD

Node

bmcpatrolRange<22.1.00

CPENameOperatorVersion
bmc:patrolbmc patrollt22.1.00

CPE	Name	Operator	Version
bmc:patrol	bmc patrol	lt	22.1.00

References

gist.github.com/gquere/045638b9959f4b3e119ea01d8d6ff856

www.errno.fr/PatrolAdvisory.html#remote-secrets-leak-using-patrols-pconfig-22100

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.2%

JSON

Related for CVE-2023-34258

cvelist1 nvd1 prion1