Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2024 and is owned by Tenable, Inc. or an Affiliate thereof.BMC_RSCD_NSH_ACL_CHECK.NBIN
HistoryJul 05, 2016 - 12:00 a.m.

BMC Server Automation RSCD Agent Weak ACL NSH Arbitrary Command Execution

2016-07-0500:00:00
This script is Copyright (C) 2016-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29
JSON

The BMC Server Automation RSCD agent running on the remote host is configured in such a manner as to publicly expose an API that can be used for unrestricted command execution. An unauthenticated, remote attacker can exploit this, via the NSH protocol, to execute arbitrary commands.

Binary data bmc_rscd_nsh_acl_check.nbin
VendorProductVersionCPE
bmcbladelogic_server_automation_rscd_agentcpe:/a:bmc:bladelogic_server_automation_rscd_agent
JSON