CVE-2023-34258: Remote secrets leak using Patrol’s pconfig (=22.1.00 since the encryption key has been diversified. CVE-2023-34257: Remote code execution using Patrol’s pconfig - Description: The agent’s configuration can be remotely updated using the binary. This can lead to remote code execution by injecting commands in the field used to start the SNMP service. - Windows Example: - Linux Example: - Configuration Push: Editor Response: The editor asserts these are not vulnerabilities as they provide an option to implement authentication. Timeline - 2021: Vulnerabilities discovered - 2023-01: Editor contacted - 2023-02: Editor ACK - 2023-05: FD