Vulnerability Description
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmc | Bladelogic Server Automation Console | 8.2.02 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/136462/BMC-Server-Automation-BSA-RSCD-Agent
- http://www.securityfocus.com/archive/1/537910/100/0/threaded
- https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCPatchVendor Advisory
- https://www.exploit-db.com/exploits/43902/
- https://www.exploit-db.com/exploits/43939/
- https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-154
- http://packetstormsecurity.com/files/136462/BMC-Server-Automation-BSA-RSCD-Agent
- http://www.securityfocus.com/archive/1/537910/100/0/threaded
- https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCPatchVendor Advisory
- https://www.exploit-db.com/exploits/43902/
- https://www.exploit-db.com/exploits/43939/
- https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-154
FAQ
What is CVE-2016-1543?
CVE-2016-1543 is a vulnerability with a CVSS score of 7.5 (HIGH). The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user...
How severe is CVE-2016-1543?
CVE-2016-1543 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1543?
Check the references section above for vendor advisories and patch information. Affected products include: Bmc Bladelogic Server Automation Console.