Описание
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.3.01 (включая)
cpe:2.3:a:bmc:patrol_agent:*:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.03828
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.
EPSS
Процентиль: 88%
0.03828
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-798