CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34258
https://notcve.org/view.php?id=CVE-2023-34258
31 May 2023 — An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. • https://gist.github.com/gquere/045638b9959f4b3e119ea01d8d6ff856 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9638
https://notcve.org/view.php?id=CVE-2016-9638
02 Dec 2016 — In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root. En BMC Patrol en versiones anteriores a 9.13.10.02 el binario "listguests64" está configurado con el bit setuid. • http://www.nes.fr/securitylab/index.php/2016/12/02/privilege-escalation-on-bmc-patrol • CWE-264: Permissions, Privileges, and Access Controls •