CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-8352

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile19.04th
Published2019年5月20日
Last Modified2024年11月21日

Vulnerability Description

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.

Affected Platforms (CPE)

📦
Bmc

Patrol Agent

<= 11.3.01

References & Advisories

🔗 https://www.securifera.com/advisories/CVE-2019-8352/
🔗 https://www.securifera.com/advisories/CVE-2019-8352/

相關漏洞威脅

CVE-2008-598210.0

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string ...

CVE-2011-097510.0

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for ...

CVE-1999-080110.0

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

CVE-2019-170447.8

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an atta...