BladeLogic Server Automation from BMC allows quick and secure solution to configure, patch and maintain physical, virtual, and cloud servers.
The Windows RSCD Agent is affected by a authorization bypass vulnerability which allows remote systems to connect to the agent because the “users” file does not implement access restriction properly.
BMC Server Automation, prior to version 8.6 SP1 Patch 2
BMC Server Automation, prior to version 8.7 Patch 3
QID Detection Logic:
The QID uses registry keys “HKLM\SYSTEM\CurrentControlSet\services\RSCDsvc” value “ImagePath” and “HKLM\\Software\\BladeLogic\\RSCD\\Agent” value “AgentHome” to check for the vulnerable version with the help of file “RSCDsvc.exe”.
Successful exploitation of the vulnerability allows remote systems to connect to the Windows RSCD Agent because the “users” file does not implement access restriction properly.