First published: Wed May 31 2023
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
BMC Patrol | <22.1.00 | |
CVE-2023-34258 is a vulnerability discovered in BMC Patrol before version 22.1.00. It allows remote querying of the agent's configuration, leading to the exposure of the Patrol account password that is encrypted with a default AES key.
CVE-2023-34258 has a severity level of 7.5, which is considered high.
CVE-2023-34258 affects BMC Patrol versions before 22.1.00.
The vulnerability in CVE-2023-34258 can be exploited by remotely querying the agent's configuration to obtain the encrypted Patrol account password, which can then be used for remote code execution.
Updating to BMC Patrol version 22.1.00 or later fixes CVE-2023-34258.