CVELIST:CVE-2024-1605 (cvelist, CERT-PL)
History: Mar 18, 2024 - 9:59 a.m.
CVE-2024-1605 DLL side-loading in BMC Control-M

Published: 2024-03-18 09:59:49
CWE-284
CERT-PL
www.cve.org
Tags: cve-2024-1605, dll side-loading, bmc control-m, dynamic link libraries, write permissions, read permissions, malicious libraries, application privileges, fix, version 9.0.20.238, version 9.0.21.201

6.6 Medium (CVSS3)

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

EPSS: 0.0004 Low (Percentile 15.7%)

BMC Control-M branches 9.0.20 and 9.0.21 load, upon user login, all Dynamic Link Libraries (DLLs) from a directory that grants Read and Write permissions to all users. Because any user can place files in that directory, a potentially malicious library can be loaded and will execute with the application's privileges.

The fix for the 9.0.20 branch was released in version 9.0.20.238. The fix for the 9.0.21 branch was released in version 9.0.21.201.
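As an added example (not code from BMC or from the CERT-PL advisory), the following PowerShell audit reports whether a directory's ACL grants broad, low-privileged principals the write rights that make the side-loading described above possible. The advisory does not name the Control-M directory, so the $Path parameter is an assumption you supply.

```powershell
# Added example, not BMC's or CERT-PL's code: audit a directory's ACL for
# Allow entries that let broad low-privileged principals create, replace or
# delete files, the precondition CVE-2024-1605 describes. $Path is an
# assumption: the advisory does not name the directory Control-M loads from.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

# Well-known SIDs (compared instead of names so the system locale does not matter).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow planting or swapping a DLL, or loosening the ACL further.
$plantRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
    [System.Security.AccessControl.FileSystemRights]::Delete -bor
    [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
    [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
    [System.Security.AccessControl.FileSystemRights]::TakeOwnership

$acl = Get-Acl -LiteralPath $Path
$findings = foreach ($rule in $acl.Access) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    try {
        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { continue }   # unresolvable account: not one of the broad groups
    if (-not $broadSids.ContainsKey($sid)) { continue }
    if (($rule.FileSystemRights -band $plantRights) -eq 0) { continue }
    [pscustomobject]@{
        Principal = $broadSids[$sid]
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

if ($findings) {
    Write-Warning "$Path grants write access to broad principals; any local user can replace DLLs loaded from it."
    $findings | Format-Table -AutoSize
} else {
    Write-Output "$Path does not grant write access to Everyone, Users, Authenticated Users or INTERACTIVE."
}
```

Run it against each directory your Control-M installation loads libraries from; upgrading to the fixed versions listed above remains the actual remediation.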

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Control-M",
    "vendor": "BMC",
    "versions": [
      {
        "lessThan": "9.0.20.238",
        "status": "affected",
        "version": "9.0.20",
        "versionType": "custom"
      },
      {
        "lessThan": "9.0.21.201",
        "status": "affected",
        "version": "9.0.21",
        "versionType": "custom"
      }
    ]
  }
]
