CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20735

An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration

Exploit prediction scoring system (EPSS) score

EPSS Score 0.38

EPSS Ranking 97.0%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

Products affected by CVE-2018-20735

Bmc » Patrol Agent » Version: N/A

cpe:2.3:a:bmc:patrol_agent:-
Bmc » Patrol Agent » Version: 10.0.00

cpe:2.3:a:bmc:patrol_agent:10.0.00
Bmc » Patrol Agent » Version: 10.0.00.01

cpe:2.3:a:bmc:patrol_agent:10.0.00.01
Bmc » Patrol Agent » Version: 10.0.00.02

cpe:2.3:a:bmc:patrol_agent:10.0.00.02
Bmc » Patrol Agent » Version: 10.7.00

cpe:2.3:a:bmc:patrol_agent:10.7.00
Bmc » Patrol Agent » Version: 10.7.00.01

cpe:2.3:a:bmc:patrol_agent:10.7.00.01
Bmc » Patrol Agent » Version: 10.7.00.02

cpe:2.3:a:bmc:patrol_agent:10.7.00.02
Bmc » Patrol Agent » Version: 10.7.00.03

cpe:2.3:a:bmc:patrol_agent:10.7.00.03
Bmc » Patrol Agent » Version: 10.7.00.04

cpe:2.3:a:bmc:patrol_agent:10.7.00.04
Bmc » Patrol Agent » Version: 10.7.00.05

cpe:2.3:a:bmc:patrol_agent:10.7.00.05
Bmc » Patrol Agent » Version: 11.0.00

cpe:2.3:a:bmc:patrol_agent:11.0.00
Bmc » Patrol Agent » Version: 11.0.00.01

cpe:2.3:a:bmc:patrol_agent:11.0.00.01
Bmc » Patrol Agent » Version: 11.0.00.02

cpe:2.3:a:bmc:patrol_agent:11.0.00.02
Bmc » Patrol Agent » Version: 11.0.00.03

cpe:2.3:a:bmc:patrol_agent:11.0.00.03
Bmc » Patrol Agent » Version: 11.3.01

cpe:2.3:a:bmc:patrol_agent:11.3.01
Bmc » Patrol Agent » Version: 3.2

cpe:2.3:a:bmc:patrol_agent:3.2
Bmc » Patrol Agent » Version: 3.2.3

cpe:2.3:a:bmc:patrol_agent:3.2.3
Bmc » Patrol Agent » Version: 3.2.5

cpe:2.3:a:bmc:patrol_agent:3.2.5
Bmc » Patrol Agent » Version: 3.2.7

cpe:2.3:a:bmc:patrol_agent:3.2.7
Bmc » Patrol Agent » Version: 3.3.00

cpe:2.3:a:bmc:patrol_agent:3.3.00
Bmc » Patrol Agent » Version: 3.4.00

cpe:2.3:a:bmc:patrol_agent:3.4.00
Bmc » Patrol Agent » Version: 3.4.11

cpe:2.3:a:bmc:patrol_agent:3.4.11
Bmc » Patrol Agent » Version: 3.7

cpe:2.3:a:bmc:patrol_agent:3.7
Bmc » Patrol Agent » Version: 3.9.00

cpe:2.3:a:bmc:patrol_agent:3.9.00
Bmc » Patrol Agent » Version: 9.0.10i

cpe:2.3:a:bmc:patrol_agent:9.0.10i
Bmc » Patrol Agent » Version: 9.5.00

cpe:2.3:a:bmc:patrol_agent:9.5.00
Bmc » Patrol Agent » Version: 9.5.00.01

cpe:2.3:a:bmc:patrol_agent:9.5.00.01
Bmc » Patrol Agent » Version: 9.5.00.02

cpe:2.3:a:bmc:patrol_agent:9.5.00.02
Bmc » Patrol Agent » Version: 9.5.00.03

cpe:2.3:a:bmc:patrol_agent:9.5.00.03
Bmc » Patrol Agent » Version: 9.5.00.04

cpe:2.3:a:bmc:patrol_agent:9.5.00.04
Bmc » Patrol Agent » Version: 9.5.00.05

cpe:2.3:a:bmc:patrol_agent:9.5.00.05
Bmc » Patrol Agent » Version: 9.6.00

cpe:2.3:a:bmc:patrol_agent:9.6.00
Bmc » Patrol Agent » Version: 9.6.00.01

cpe:2.3:a:bmc:patrol_agent:9.6.00.01
Bmc » Patrol Agent » Version: 9.6.00.02

cpe:2.3:a:bmc:patrol_agent:9.6.00.02
Bmc » Patrol Agent » Version: 9.6.00.03

cpe:2.3:a:bmc:patrol_agent:9.6.00.03
Bmc » Patrol Agent » Version: 9.6.00.04

cpe:2.3:a:bmc:patrol_agent:9.6.00.04
Bmc » Patrol Agent » Version: 9.6.00.05

cpe:2.3:a:bmc:patrol_agent:9.6.00.05

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20735

Products

Pricing

Contact Us