Vulnerability Description
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication."
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmc | Patrol Agent | <= 23.1.00 |
References
- https://www.errno.fr/PatrolAdvisory.html#remote-code-excution-using-patrols-pconExploitThird Party Advisory
- https://www.errno.fr/PatrolAdvisory.html#remote-code-excution-using-patrols-pconExploitThird Party Advisory
FAQ
What is CVE-2023-34257?
CVE-2023-34257 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (...
How severe is CVE-2023-34257?
CVE-2023-34257 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-34257?
Check the references section above for vendor advisories and patch information. Affected products include: Bmc Patrol Agent.