BMC Server Automation RSCD Agent Weak ACL NSH Arbitrary Command Execution

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The RSCD agent running on the remote host is affected by a remote
command execution vulnerability.

Description :

The BMC Server Automation RSCD agent running on the remote host is
configured in such a manner as to publicly expose an API that can be
used for unrestricted command execution. An unauthenticated, remote
attacker can exploit this, via the NSH protocol, to execute arbitrary

See also :

Solution :

Update the exports file to restrict access to the interface.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Misc.

Nessus Plugin ID: 91947 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now