BMC BladeLogic Server Automation RSCD Exploit

The RSCD agent used by BMC’s server automation platform was found to be affected by a serious vulnerability in 2016 (CVE-2016-1542). A vulnerability scan of affected systems will detect this vulnerability but it was difficult for security professionals to take advantage of the vulnerability or to demonstrate the full impact due to a lack of public exploit code.

Cognitous Cyber Security’s Nicky Bloor reverse-engineered the exploit used by a vulnerability scanner in order to produce a fully working exploit.

The exploit and further information can be found at the following links: