Vulnerability Details : CVE-2016-1543
Public exploit exists!
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
Vulnerability category: BypassGain privilege
Products affected by CVE-2016-1543
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.02:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.7.00:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.00:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.02:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.6.00:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.01:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.03:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.01:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.2.04:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.5.00:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:bladelogic_server_automation_console:8.3.03:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1543
27.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2016-1543
-
BMC Server Automation RSCD Agent NSH Remote Command Execution
Disclosure Date: 2016-03-16First seen: 2020-04-26exploit/multi/misc/bmc_server_automation_rscd_nsh_rceThis module exploits a weak access control check in the BMC Server Automation RSCD agent that allows arbitrary operating system commands to be executed without authentication. Note: Under Windows, non-powershell commands may need to be prefixed with 'cm
CVSS scores for CVE-2016-1543
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-1543
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1543
-
https://www.exploit-db.com/exploits/43902/
BMC BladeLogic 8.3.00.64 - Remote Command Execution
-
https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/
BMC BladeLogic: CVE-2016-1542 and CVE-2016-1543 – Insinuator.net
-
http://www.securityfocus.com/archive/1/537910/100/0/threaded
SecurityFocus
-
https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution
BSA: Remediation Package for BSA Vulnerabilities CVE-2016-1542 and CVE-2016-1543Patch;Vendor Advisory
-
http://packetstormsecurity.com/files/136462/BMC-Server-Automation-BSA-RSCD-Agent-Unauthorized-Password-Reset.html
BMC Server Automation (BSA) RSCD Agent Unauthorized Password Reset ≈ Packet Storm
-
https://www.exploit-db.com/exploits/43939/
BMC Server Automation RSCD Agent - NSH Remote Command Execution (Metasploit)
Jump to