14 Replies Latest reply on Jul 6, 2016 6:46 AM by Bill Robinson

    Nessus reports vulnerability for CVE-2016-1543 on Windows RSCD Agents

    Yanick Girouard

      We use Nessus to scan for security vulnerabilities and our security team has flagged all of our Windows RSCD Agents with the following vulnerability:



      CVE: CVE-2016-1543
      IAVB: 2016-B-0062
      BMC Server Automation RSCD Agent ACL Bypass
      The remote BMC BladeLogic Server Automation (BSA) RSCD agent is affected by a security bypass vulnerability due to a failure to properly enforce the ACL. An unauthenticated, remote attacker can exploit this, by ignoring the response to the RemoteServer.info request, to bypass the ACL and execute XML-RPC commands.
      Apply the BMC BladeLogic Server Automation compliance template available from the vendor to all affected RSCD agents.
      See Also
      Nessus was able to execute the command "RemoteServer.getHostOverview" using the
      following request :
      This produced the following truncated output (limited to 10 lines) :
      ------------------------------ snip ------------------------------
      agentEnvironmentSYSTEMROOT=C:\WindowsWINDIR=C:\WindowsagentInstallDir/C/Program Files/BMC Software/BladeLogic/RSCD/licensed1machinex86_64majorVersion8minorVersion5nodenamesnwmrpicodpx3patchVersion01platformVersion304processorx86_64release6.3repeater0subnetMask255.255.255.0sysnameWindowsNTversion9200



      According to your flash bulletin about CVE-2016-1543 (https://docs.bmc.com/docs/display/bsa87/Notification+of+critical+security+issue+in+BMC+Server+Automation) it only affects Linux/UNIX agents. If so, why is Nessus reporting the vulnerability for Windows agents as well? Is Nessus wrong, or should there indeed be a fix for Windows agents as well?


      I have opened case 00156041 for the above.
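Added example, not part of the original post and not BMC or Tenable code: one way to triage the question above is to group the hosts flagged for this CVE by the `sysname` each agent returned in the plugin output, which shows which platforms actually answered the unauthenticated request. It assumes a Nessus CSV export with `CVE`, `Host` and `Plugin Output` columns; the sample rows and host names are constructed.

```python
import csv
import io
import re
from collections import defaultdict

CVE_ID = "CVE-2016-1543"
# In the flattened plugin output the member names run straight into their
# values, e.g. "...sysnameWindowsNTversion9200" as quoted in the post.
SYSNAME_RE = re.compile(r"sysname([A-Za-z_]+?)version")

# Constructed sample export: host names are made up and the Linux row is an
# assumed shape; only the Windows fragment follows the output in the post.
SAMPLE_CSV = '''CVE,Host,Plugin Output
CVE-2016-1543,winhost01.example,"repeater0subnetMask255.255.255.0sysnameWindowsNTversion9200"
CVE-2016-1543,linhost01.example,"repeater0subnetMask255.255.255.0sysnameLinuxversion1"
CVE-2016-1543,unkhost01.example,"(no host overview captured)"
CVE-0000-0000,winhost01.example,"unrelated finding"
'''

def agents_by_platform(csv_text, cve=CVE_ID):
    """Map the agent's self-reported sysname to the sorted hosts flagged for `cve`."""
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Tolerate several ids in one CVE cell.
        ids = [c.strip() for c in (row.get("CVE") or "").split(",")]
        if cve not in ids:
            continue
        match = SYSNAME_RE.search(row.get("Plugin Output") or "")
        # No sysname means the finding carries no proof of a command result.
        groups[match.group(1) if match else "unknown"].add(row["Host"])
    return {name: sorted(hosts) for name, hosts in groups.items()}

def windows_hosts(groups):
    """Hosts whose agent reported a Windows sysname in the command output."""
    return sorted(host for name, hosts in groups.items()
                  if name.lower().startswith("windows") for host in hosts)

if __name__ == "__main__":
    groups = agents_by_platform(SAMPLE_CSV)
    for name, hosts in sorted(groups.items()):
        print(f"{name}: {', '.join(hosts)}")
    print("Windows agents that returned a host overview:", windows_hosts(groups))
```

A host listed under a Windows `sysname` returned `RemoteServer.getHostOverview` data to the scanner, which is the evidence to attach to the vendor case; hosts under `unknown` need the raw plugin output checked by hand.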