CVE-2023-34258

Published: May 31, 2023

Modified: Jan 8, 2025

PUBLISHED

Description

An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.errno.fr/PatrolAdvisory.html#remote-secrets-leak-using-patrols-pconfig-22100

https://gist.github.com/gquere/045638b9959f4b3e119ea01d8d6ff856

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-34258

Description

Affected Products

References