What is CVE-2016-1543?

CVE-2016-1543 is a high-severity vulnerability in Bmc Bladelogic_server_automation_console, classified under Improper Access Control. CVSS score: 7.5/10. Published 2016-06-13.

How severe is CVE-2016-1543?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2016-1543 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Bmc Bladelogic_server_automation_console

CVE-2016-1543

The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet…

EPSS: 0.730 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Bmc Bladelogic_server_automation_console — versions 8.2.02, 8.2.03, 8.2.04
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

Public proof-of-concept exploits

References

cret@cert.org (x_refsource_MISC)
20160328 BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543) (mailing-list, x_refsource_BUGTRAQ)
43902 (exploit, x_refsource_EXPLOIT-DB)
43939 (exploit, x_refsource_EXPLOIT-DB)
cret@cert.org (x_refsource_MISC)
cret@cert.org (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2016-1543?: CVE-2016-1543 is a high-severity vulnerability in Bmc Bladelogic_server_automation_console, classified under Improper Access Control. CVSS score: 7.5/10. Published 2016-06-13.
How severe is CVE-2016-1543?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2016-1543 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.