Bmc: >> Patrol >> 9.13.10.01 Security Vulnerabilities
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-31
In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-12-02