CVE-2008-5982 : Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via form

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.

Published 2009-01-27 22:30:00

Updated 2018-10-11 20:56:52

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2008-5982

Probability of exploitation activity in the next 30 days: 30.93%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5982

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5982

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-5982

Products affected by CVE-2008-5982

BMC » Patrol Agent
Versions up to, including, (<=) 3.7
cpe:2.3:a:bmc:patrol_agent:*:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.2.3
cpe:2.3:a:bmc:patrol_agent:3.2.3:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.2.5
cpe:2.3:a:bmc:patrol_agent:3.2.5:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.2
cpe:2.3:a:bmc:patrol_agent:3.2:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.00 NT Edition
cpe:2.3:a:bmc:patrol_agent:3.4.00:*:nt:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.3.00 NT Edition
cpe:2.3:a:bmc:patrol_agent:3.3.00:*:nt:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.11 NT Edition
cpe:2.3:a:bmc:patrol_agent:3.4.11:*:nt:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.00 Unix Edition
cpe:2.3:a:bmc:patrol_agent:3.4.00:*:unix:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.3.00
cpe:2.3:a:bmc:patrol_agent:3.3.00:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.11
cpe:2.3:a:bmc:patrol_agent:3.4.11:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.3.00 Unix Edition
cpe:2.3:a:bmc:patrol_agent:3.3.00:*:unix:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.00
cpe:2.3:a:bmc:patrol_agent:3.4.00:*:*:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.4.11 Unix Edition
cpe:2.3:a:bmc:patrol_agent:3.4.11:*:unix:*:*:*:*:*
Matching versions
BMC » Patrol Agent » Version: 3.2.7
cpe:2.3:a:bmc:patrol_agent:3.2.7:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-5982

Exploit prediction scoring system (EPSS) score for CVE-2008-5982

CVSS scores for CVE-2008-5982

CWE ids for CVE-2008-5982

References for CVE-2008-5982

Products affected by CVE-2008-5982