SUMMARY

The following vulnerability was found in BMC PATROL Agent 11.3.01 and prior.

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.

IMPACT

Access Vector:    REMOTE
Access Complexity:   LOW
Authentication:    NOT REQUIRED TO EXPLOIT
Impact Type:   CODE EXECUTION
Privilege Level:   VARIES

AFFECTED PRODUCTS

SOFTWARE FIXES

  • PATROL agent provides the ability to change the key in use by setting the “PATROL_USER_MSKF” environmental variable or saving the custom key in “/etc/.psk/userk”.

    Additional mitigations can be implemented by enabling SSL/TLS which is disabled by default.

TIMELINE

02.15.2019

Reported Issue to BMC

02.18.2019

Vendor Confirms Submission

04.01.2019

Vendor Disputes Vulnerability

05.15.2019

Vulnerability Disclosed

REFERENCES