CVE-2023-34257

Published: May 31, 2023

Modified: Jan 10, 2025

PUBLISHED

Description

An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.errno.fr/PatrolAdvisory.html#remote-code-excution-using-patrols-pconfig

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-34257

Description

Affected Products

References