SUMMARY
The following vulnerability was found in BMC PATROL Agent 11.3.01 and prior.
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.
IMPACT
Access Vector: REMOTE
Access Complexity: LOW
Authentication: NOT REQUIRED TO EXPLOIT
Impact Type: CODE EXECUTION
Privilege Level: VARIES