CVE-2018-20735 : What You Need to Know

Learn about CVE-2018-20735, a vulnerability in BMC PATROL Agent allowing unauthorized privilege escalation in Windows Active Directory environments. Find mitigation steps and prevention measures here.

A vulnerability has been identified in BMC PATROL Agent up to version 11.3.01, allowing unauthorized movement across systems and privilege escalation within a Windows Active Directory environment.

Understanding CVE-2018-20735

This CVE describes a security issue in BMC PATROL Agent that can lead to privilege escalation within a Windows Active Directory environment.

What is CVE-2018-20735?

The vulnerability in BMC PATROL Agent up to version 11.3.01 allows users to elevate their privileges to a domain administrator level through the PatrolCli application.

The Impact of CVE-2018-20735

The vulnerability enables users with lower privileges to authenticate with PatrolCli, connect to a domain controller, and execute commands as SYSTEM, potentially compromising the entire domain.

Technical Details of CVE-2018-20735

This section provides detailed technical insights into the vulnerability.

Vulnerability Description

        The PatrolCli/PATROL Agent application does not verify user permissions within the network, allowing unauthorized privilege escalation.

Affected Systems and Versions

        BMC PATROL Agent up to version 11.3.01

Exploitation Mechanism

        By exploiting the lack of permission verification, users can authenticate with PatrolCli and execute commands as SYSTEM, gaining domain administrator privileges.

Mitigation and Prevention

Protecting systems from CVE-2018-20735 is crucial to prevent unauthorized privilege escalation.

Immediate Steps to Take

        Implement customized configurations to prevent unauthorized privilege escalation.
        Regularly monitor and audit user activities within the network.

Long-Term Security Practices

        Conduct regular security training for users to raise awareness of potential vulnerabilities.
        Keep systems and software updated to patch known security flaws.

Patching and Updates

        Apply vendor-recommended patches and updates to BMC PATROL Agent to mitigate the vulnerability.
