BMC Server Automation RSCD Agent Weak ACL XML-RPC Arbitrary Command Execution

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The RSCD agent running on the remote host is affected by a remote
command execution vulnerability.

Description :

The RSCD agent running on the remote host does not have access
controls in place to prevent an attacker from executing XML-RPC
commands. An unauthenticated, remote attacker can exploit this to
execute arbitrary commands in the context of the user to which the
connections are mapped.

See also :

http://www.bmc.com/it-solutions/bladelogic-server-automation.html
https://docs.bmc.com/docs/display/bsa88/Home

Solution :

Apply more restrictive access controls to the export file.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Misc.

Nessus Plugin ID: 90999

Bugtraq ID:

CVE ID:
