CVE-2023-34257
First published: Wed May 31 2023(Updated: )
** DISPUTED ** An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bmc Patrol Agent | <=23.1.00 | |
| <=23.1.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-34257.
What is the severity of CVE-2023-34257?
The severity of CVE-2023-34257 is critical with a severity value of 9.8.
What is the affected software?
The affected software is BMC PATROL Agent version 23.1.00.
Is authentication required to modify the agent's configuration?
By default, authentication is not required to modify the agent's configuration.
How can this vulnerability be exploited?
This vulnerability can be exploited by remotely modifying the agent's configuration, particularly in fields related to SNMP, resulting in code execution.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/last-modified-date
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/bmc
- canonical/bmc patrol agent
- version/bmc patrol agent/23.1.00