CVE-2023-34258

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published May 31, 2023
Updated: Jan 8, 2025
CWE ID 311

Summary

CVE-2023-34258 is a vulnerability affecting BMC Patrol versions prior to 22.1.00. The issue permits an unauthorized user to remotely query the agent's configuration. This configuration contains the Patrol account password, encrypted using a default AES key. Given this information, an attacker can decrypt the password and use the Patrol account for remote code execution. This vulnerability poses a significant risk, as it allows an attacker to gain administrative access to the affected system. Organizations using the impacted version of BMC Patrol are urged to apply the necessary patches as soon as possible to mitigate this threat.
