CVE-2016-5063 - OpenCVE

The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Bmc	Server Automation

Configuration 1 [-]

OR	cpe:2.3:a:bmc:server_automation::sp1_patch_1::::::*
	cpe:2.3:a:bmc:server_automation::patch_2::::::*

References

Link	Resource
http://www.securityfocus.com/bid/93948	Third Party Advisory VDB Entry
https://docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063	Mitigation Vendor Advisory
https://www.exploit-db.com/exploits/43902/
https://www.exploit-db.com/exploits/43934/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2017-05-02T14:00:00

Updated: 2018-02-01T10:57:01

Reserved: 2016-05-26T00:00:00

Link: CVE-2016-5063

JSON object: View

NVD Information

Status : Modified

Published: 2017-05-02T14:59:00.440

Modified: 2018-02-02T02:29:00.277

Link: CVE-2016-5063

JSON object: View

Redhat Information

No data.

CWE

CWE-285

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-17T00:00:00", "descriptions": [{"lang": "en", "value": "The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-01T10:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "93948", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93948"}, {"name": "43934", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43934/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063"}, {"name": "43902", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43902/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-5063", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93948", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93948"}, {"name": "43934", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43934/"}, {"name": "https://docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063", "refsource": "CONFIRM", "url": "https://docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063"}, {"name": "43902", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43902/"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-5063", "datePublished": "2017-05-02T14:00:00", "dateReserved": "2016-05-26T00:00:00", "dateUpdated": "2018-02-01T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bmc:server_automation:*:sp1_patch_1:*:*:*:*:*:*", "matchCriteriaId": "8D7F6304-38D1-42AA-94B6-4E8EF5887FC7", "versionEndIncluding": "8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bmc:server_automation:*:patch_2:*:*:*:*:*:*", "matchCriteriaId": "86E97D3D-4A07-4C94-A81A-458CA7908FE1", "versionEndIncluding": "8.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors."}, {"lang": "es", "value": "El agente RSCD en BMC Server Automation en la versi\u00f3n 8.6 SP1 Parche 2 y 8.7 anterior al Parche 3 en Windows, podr\u00eda permitir a atacantes remotos evitar las comprobaciones de autorizaci\u00f3n y realizar una llamada RPC a trav\u00e9s de vectores no especificados."}], "id": "CVE-2016-5063", "lastModified": "2018-02-02T02:29:00.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-02T14:59:00.440", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93948"}, {"source": "cret@cert.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://docs.bmc.com/docs/display/bsa87/Notification+of+Windows+RSCD+Agent+vulnerability+in+BMC+Server+Automation+CVE-2016-5063"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/43902/"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/43934/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "nvd@nist.gov", "type": "Primary"}]}