CVE-2019-8352

CRITICAL

BMC Patrol Agent < 11.3.01 - Hard-coded Credentials

Description

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/46969

Scores

CVSS v3 9.8
EPSS 0.0383
EPSS Percentile 88.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-798
Status published
Products (1)
bmc/patrol_agent < 11.3.01
Published May 20, 2019
Tracked Since Feb 18, 2026