Vulnerability Details : CVE-2023-34257
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."
Products affected by CVE-2023-34257
- cpe:2.3:a:bmc:patrol_agent:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-34257
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-34257
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2023-34257
-
https://www.errno.fr/PatrolAdvisory.html#remote-code-excution-using-patrols-pconfig
Vulnerabilities in BMC Patrol's agent remote configurationExploit;Third Party Advisory
Jump to