BMC Server Automation RSCD Agent Weak ACL NSH Arbitrary Command Execution
Severity: Critical
Nessus Plugin ID: 91947
Synopsis
The RSCD agent running on the remote host is affected by a remote
command execution vulnerability.
Description
The BMC Server Automation RSCD agent running on the remote host is
configured so that it publicly exposes an API that allows unrestricted
command execution. An unauthenticated, remote attacker can exploit
this, via the NSH protocol, to execute arbitrary commands.
Solution
Update the exports file to restrict access to the interface.
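
One way to check an exports file for the condition described above, as an added example that is not part of the original advisory or of BMC's tooling. It assumes one entry per line in the form "<host-list> <comma-separated options>", with '#' starting a comment and a host of "*" matching every client. The sample entries and option names are constructed, so confirm the format against the documentation for your agent version.

```python
# Added example: audit an RSCD exports file for entries open to every client.
# Assumed format (verify for your agent version): one entry per line,
# "<host-list> <comma-separated options>", '#' starts a comment, and a host
# field of "*" matches any client. Options are reported as-is, not interpreted.
import sys

SAMPLE_EXPORTS = """\
# constructed sample, not taken from a real host
*            rw
appserver01  rw,user=bladmin
10.20.30.40  ro
"""

def parse_exports(text):
    """Yield (line_no, hosts, options) for each non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 1)
        hosts = [h for h in fields[0].split(",") if h]
        options = []
        if len(fields) > 1:
            options = [o.strip() for o in fields[1].split(",") if o.strip()]
        yield line_no, hosts, options

def find_open_entries(text):
    """Return entries whose host list contains the wildcard '*'."""
    findings = []
    for line_no, hosts, options in parse_exports(text):
        if "*" in hosts:
            findings.append({"line": line_no, "hosts": hosts, "options": options})
    return findings

if __name__ == "__main__":
    # Pass the path to the agent's exports file, or run with no argument
    # to audit the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_EXPORTS
    findings = find_open_entries(text)
    for f in findings:
        print(f"line {f['line']}: wildcard host entry, options={f['options']}")
    sys.exit(1 if findings else 0)
```

The script exits non-zero when any wildcard entry is present, so it can run as a configuration-compliance check after the exports file has been restricted.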