Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BMC PATROL Agent 安全漏洞
Vulnerability Description
BMC PATROL Agent是美国BMC Software公司的一款BMC ProactiveNet架构的核心组件,它主要用于监控和管理分布式环境。 BMC PATROL Agent 11.3.01及之前版本中存在安全漏洞,该漏洞源于程序仅验证了所提交的密码是否正确,但并没有验证该用户的权限。攻击者可利用该漏洞连接到域控制器上并以SYSTEM权限运行命令。
CVSS Information
N/A
Vulnerability Type
N/A