How severe is CVE-2018-20735?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2018-20735?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2018-20735 - HIGH Severity | CVSS 7.8

Vulnerability Description

An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration

Related Vulnerabilities

CVE-2011-4338

HIGH

CVSS:7.8(High)

Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact th...

CWE-2872011

CVE-2013-5582

HIGH

CVSS:7.8(High)

Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extr...

CWE-2872013

CVE-2014-1867

HIGH

CVSS:7.8(High)

suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution

CWE-2872014

CVE-2014-8347

HIGH

CVSS:7.8(High)

An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevate...

CWE-2872014

CVE-2014-9952

HIGH

CVSS:7.8(High)

In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.

CWE-2872014

CVE-2015-8308

HIGH

CVSS:7.8(High)

LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.

CWE-2872015