CVE-2019-8352
First published: Mon May 20 2019(Updated: )
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bmc Patrol Agent | <=11.3.01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-8352?
CVE-2019-8352 is a vulnerability in BMC PATROL Agent versions up to 11.3.01 that uses a static encryption key for encrypting/decrypting user credentials sent over the network, allowing attackers to potentially decrypt and execute code.
How severe is CVE-2019-8352?
CVE-2019-8352 has a severity rating of 9.8 (Critical).
What software is affected by CVE-2019-8352?
BMC PATROL Agent up to version 11.3.01 is affected by CVE-2019-8352.
How can an attacker exploit CVE-2019-8352?
An attacker can exploit CVE-2019-8352 by capturing network traffic and decrypting user credentials to execute code.
Is there a fix available for CVE-2019-8352?
BMC has released a patch or update to address the vulnerability. It is recommended to update to the latest version of BMC PATROL Agent.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/bmc
- canonical/bmc patrol agent
- version/bmc patrol agent/11.3.01