CVE Vulnerability

CVE-2007-1972

** DISPUTED ** PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.zerodayinitiative.com/advisories/ZDI-07-020.html Vendor Advisory
http://www.securityfocus.com/bid/23559
http://www.securitytracker.com/id?1017935
http://securityreason.com/securityalert/2599
http://www.vupen.com/english/advisories/2007/1458
http://www.securityfocus.com/archive/1/466274/100/0/threaded
http://www.securityfocus.com/archive/1/466223/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:bmc:performance_manager:*:*:*:*:*:*:*:*
Information

Published : 2007-04-22 07:19

Updated : 2018-10-16 04:41

NVD link : CVE-2007-1972

Mitre link : CVE-2007-1972

Products Affected
No products.
CWE
NVD-CWE-Other