Local Privilege Escalation Vulnerability in BMC Patrol Agent by BMC Software
CVE-2019-17043

7.8HIGH

Key Information:

Vendor: Bmc
Status: Patrol Agent
Vendor: CVE Published:; 14 October 2019

What is CVE-2019-17043?

A vulnerability in BMC Patrol Agent 9.0.10i allows attackers with local access to exploit weak execution permissions on the best1collect.exe SUID binary. By crafting a malicious shared library (.so file), an attacker can successfully elevate their privileges to that of the 'patrol' user, potentially compromising the security of the system.

References

https://twitter.com/whira_wr

x_refsource_MISC

https://github.com/blogresponder/BMC-Patrol-Agent-local-r...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2019
Vulnerability Reserved
Sep 30, 2019

JSON

Bmc

What is CVE-2019-17043?

References

CVSS V3.1

Timeline