BMC Server Automation RSCD Agent - NSH Remote Command Execution Exploit

This Metasploit module exploits a weak access control check in the BMC Server Automation RSCD agent that allows arbitrary operating system commands to be executed without authentication. Note: Under Windows, non-powershell commands may need to be prefixed with 'cmd /c'. This module requires...

BMC BladeLogic 8.3.00.64 - Remote Command Execution

Exploit Title: BMC BladeLogic RSCD agent remote exec - XMLRPC version Filename: BMCrexec.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-24 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-1542...

CVE-2016-1543

creationtimestamp| type| source ---|---|--- 2018-02-01 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43939 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/bmcserverautomationrscdnshrce.rb 2025-02-06...

BMC BladeLogic 8.3.00.64 Remote Command Execution

Exploit Title: BMC BladeLogic RSCD agent remote exec - XMLRPC version Filename: BMCrexec.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-24 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-1542...

BMC BladeLogic 8.3.00.64 - Remote Command Execution

BMC BladeLogic 8.3.00.64 - Remote Command Execution Exploit Title: BMC BladeLogic RSCD agent remote exec - XMLRPC version Filename: BMCrexec.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-24 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog...

CVE-2016-1543

The RPC API in the RSCD agent in BMC BladeLogic Server Automation BSA 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure...

CVE-2016-1543

CVE-2016-1543 affects BMC BladeLogic Server Automation RSCD agent (Linux/UNIX) across 8.2.x–8.7.x. The RPC API allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure. Public exploitation exists (NSH r...

BMC Server Automation RSCD Agent ACL Bypass

The remote BMC BladeLogic Server Automation BSA RSCD agent is affected by a security bypass vulnerability due to a failure to properly enforce the ACL. An unauthenticated, remote attacker can exploit this, by ignoring the response to the RemoteServer.info request, to bypass the ACL and execute...