CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34258
https://notcve.org/view.php?id=CVE-2023-34258
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. • https://gist.github.com/gquere/045638b9959f4b3e119ea01d8d6ff856 https://www.errno.fr/PatrolAdvisory.html#remote-secrets-leak-using-patrols-pconfig-22100 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9638
https://notcve.org/view.php?id=CVE-2016-9638
In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root. En BMC Patrol en versiones anteriores a 9.13.10.02 el binario "listguests64" está configurado con el bit setuid. • http://www.nes.fr/securitylab/index.php/2016/12/02/privilege-escalation-on-bmc-patrol http://www.securityfocus.com/bid/95009 http://www.securitytracker.com/id/1037385 • CWE-264: Permissions, Privileges, and Access Controls •