CVE-2008-5982 : Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote atta

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.

Published 2009-01-27 22:30:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2008-5982

BMC » Patrol Agent
Versions up to, including, (<=) 3.7
cpe:2.3:a:bmc:patrol_agent:*:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.2.3
cpe:2.3:a:bmc:patrol_agent:3.2.3:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.2.5
cpe:2.3:a:bmc:patrol_agent:3.2.5:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.2
cpe:2.3:a:bmc:patrol_agent:3.2:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.00 NT Edition
cpe:2.3:a:bmc:patrol_agent:3.4.00:*:nt:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.3.00 NT Edition
cpe:2.3:a:bmc:patrol_agent:3.3.00:*:nt:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.11 NT Edition
cpe:2.3:a:bmc:patrol_agent:3.4.11:*:nt:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.00 Unix Edition
cpe:2.3:a:bmc:patrol_agent:3.4.00:*:unix:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.3.00
cpe:2.3:a:bmc:patrol_agent:3.3.00:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.11
cpe:2.3:a:bmc:patrol_agent:3.4.11:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.3.00 Unix Edition
cpe:2.3:a:bmc:patrol_agent:3.3.00:*:unix:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.00
cpe:2.3:a:bmc:patrol_agent:3.4.00:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.11 Unix Edition
cpe:2.3:a:bmc:patrol_agent:3.4.11:*:unix:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.2.7
cpe:2.3:a:bmc:patrol_agent:3.2.7:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-5982

EPSS FAQ

15.44%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-5982

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5982

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-5982

Jump to

Vulnerability Details : CVE-2008-5982

Products affected by CVE-2008-5982

Exploit prediction scoring system (EPSS) score for CVE-2008-5982

CVSS scores for CVE-2008-5982

CWE ids for CVE-2008-5982

References for CVE-2008-5982