The BMC Server Automation RSCD agent running on the remote host is configured in a way that publicly exposes an API allowing unrestricted command execution. An unauthenticated, remote attacker can exploit this, via the NSH protocol, to execute arbitrary commands.
Binary data bmc_rscd_nsh_acl_check.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
bmc | bladelogic_server_automation_rscd_agent | | cpe:/a:bmc:bladelogic_server_automation_rscd_agent |