BMC Server Automation RSCD Agent Weak ACL XML-RPC Arbitrary Command Execution

Nessus Plugin ID 90999 (Critical)

Synopsis

The RSCD agent running on the remote host is affected by a remote command execution vulnerability.

Description

The RSCD agent running on the remote host does not enforce access controls that prevent an arbitrary network client from issuing XML-RPC commands to it. An unauthenticated, remote attacker can exploit this to execute arbitrary commands in the context of the local user to which the connection is mapped. Where that mapping is root or a local Administrator account, the result is a full compromise of the host.

Solution

Apply more restrictive access controls in the agent's exports file (typically /etc/rsc/exports on UNIX and Linux agents and %WINDIR%\rsc\exports on Windows agents): limit host entries to the BMC application servers that legitimately manage the agent, and map incoming connections to an unprivileged local user rather than root or Administrator. Also review the agent's users and users.local files, which map individual BladeLogic users and roles to local accounts. Re-run the plugin afterwards; because it confirms the finding by actually executing a command (Exploited by Nessus: true), a clean result shows the control is effective.
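The following is an added example, not code from the Nessus plugin or from BMC: a small audit that parses an RSCD exports file and rates each entry by the combination the plugin describes (any host allowed, command execution permitted, connections mapped to a privileged account or not remapped at all). The line syntax it assumes, `<hostname|IP|*>  <ro|rw>[,user=<local user>][,<option>=<value>...]` with `#` comments, and the semantics that a missing `user=` keeps the client's asserted user name, are assumptions to verify against the BMC documentation for your agent version. The sample exports contents, host names and account names are constructed for the example.

```python
"""Audit an RSCD agent 'exports' file for entries that expose the agent's
XML-RPC interface to arbitrary clients with a privileged user mapping.

Added example, not Nessus plugin or BMC code. Assumed syntax:
    <hostname|IP|*>  <ro|rw>[,user=<local user>][,<option>=<value>...]
Assumed semantics: '*' matches any client; 'rw' permits command execution;
'user=' maps every connection from that host to one local account; with no
'user=' the client's asserted user name is used unchanged on the agent.
"""
from dataclasses import dataclass

# Local accounts for which a mapping amounts to full host compromise.
PRIVILEGED = {"root", "administrator", "system", "nt authority\\system"}


@dataclass
class ExportEntry:
    line_no: int
    host: str
    perm: str      # "rw", "ro", or "" when absent
    options: dict  # e.g. {"user": "nobody"}


@dataclass
class Finding:
    line_no: int
    host: str
    severity: str  # "critical", "high", "medium", "low" or "ok"
    reasons: list


def parse_exports(text):
    """Parse exports text into entries, skipping blank and comment lines."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        fields = [f.strip() for f in rest.split(",") if f.strip()]
        perm = fields[0].lower() if fields else ""
        options = {}
        for f in fields[1:]:
            key, _, value = f.partition("=")
            options[key.strip().lower()] = value.strip()
        entries.append(ExportEntry(n, parts[0], perm, options))
    return entries


def rate(entry):
    """Rate one entry; the plugin's condition (any client may run commands
    as a privileged or unmapped user) is critical, weaker mixes step down."""
    open_host = entry.host == "*"
    writable = entry.perm == "rw"
    user = entry.options.get("user")
    privileged = user is None or user.lower() in PRIVILEGED

    reasons = []
    if open_host:
        reasons.append("wildcard host: any client that reaches the port may connect")
    if writable:
        reasons.append("rw permission: command execution allowed")
    if user is None:
        reasons.append("no user= mapping: client's asserted user name is used")
    elif user.lower() in PRIVILEGED:
        reasons.append(f"connections mapped to privileged account '{user}'")

    if open_host and writable and privileged:
        severity = "critical"
    elif writable and privileged:
        severity = "high"
    elif open_host and writable:
        severity = "medium"
    elif open_host:
        severity = "low"
    else:
        severity, reasons = "ok", []
    return Finding(entry.line_no, entry.host, severity, reasons)


def audit(text):
    """Return one Finding per non-comment line of an exports file."""
    return [rate(e) for e in parse_exports(text)]


# Constructed sample, not taken from any real agent.
WEAK_EXPORTS = """\
# any host, command execution, no mapping: the plugin's finding
*                      rw
# application server only, but every connection becomes root
appsrv01.corp.example  rw,user=root
# application server only, unprivileged service account
appsrv02.corp.example  rw,user=blsvc
# read-only queries from anywhere, as nobody
*                      ro,user=nobody
"""

# The shape of the "more restrictive access controls" the solution asks for.
HARDENED_EXPORTS = """\
appsrv01.corp.example  rw,user=blsvc
appsrv02.corp.example  rw,user=blsvc
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_EXPORTS), ("hardened", HARDENED_EXPORTS)):
        print(f"== {label} ==")
        for f in audit(text):
            print(f"line {f.line_no:>2} {f.host:<24} {f.severity:<8} {'; '.join(f.reasons)}")
```

Run it against a copy of the agent's exports file (`audit(open(path).read())`) before and after the change; anything rated critical or high corresponds to the condition this plugin reports. Because users and users.local mappings are applied separately, an exports file that rates clean is necessary but not sufficient: check those files with the same eye for root and Administrator mappings.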

See Also

http://www.bmc.com/it-solutions/truesight-server-automation.html

https://docs.bmc.com/docs/ServerAutomation/88/home-641429516.html

Plugin Details

Severity: Critical

ID: 90999

File Name: bmc_rscd_xml_acl_check.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 5/10/2016

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:bmc:bladelogic_server_automation_rscd_agent

Exploited by Nessus: true