CVE-2023-34258
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-34258 is a vulnerability affecting BMC Patrol versions prior to 22.1.00. The issue permits an unauthorized user to remotely query the agent's configuration. This configuration contains the Patrol account password, encrypted using a default AES key. Given this information, an attacker can decrypt the password and use the Patrol account for remote code execution. This vulnerability poses a significant risk, as it allows an attacker to gain administrative access to the affected system. Organizations using the impacted version of BMC Patrol are urged to apply the necessary patches as soon as possible to mitigate this threat.