Lucene search

[email protected]NVD:CVE-2023-34258

HistoryMay 31, 2023 - 8:15 p.m.

CVE-2023-34258

2023-05-3120:15:10

CWE-311

[email protected]

web.nvd.nist.gov

cve-2023-34258

bmc patrol

remote code execution

configuration

default aes key

security issue

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

An issue was discovered in BMC Patrol before 22.1.00. The agent’s configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution.

Affected configurations

NVD

Node

bmcpatrolRange<22.1.00

References

gist.github.com/gquere/045638b9959f4b3e119ea01d8d6ff856

www.errno.fr/PatrolAdvisory.html#remote-secrets-leak-using-patrols-pconfig-22100

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for NVD:CVE-2023-34258

cvelist1 cve1 prion1