CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8352

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile19.04th
PublishedMay 20, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.

Affected Platforms (CPE)

📦
Bmc

Patrol Agent

<= 11.3.01

References & Advisories

🔗 https://www.securifera.com/advisories/CVE-2019-8352/
🔗 https://www.securifera.com/advisories/CVE-2019-8352/

Related Vulnerabilities

CVE-2008-598210.0

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string ...

CVE-2011-097510.0

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for ...

CVE-1999-080110.0

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

CVE-2019-170447.8

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an atta...