systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html - Exploit | |
References | () http://www.exploit-db.com/exploits/34132/ - Exploit | |
References | () http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/94091 - |
Information
Published : 2014-08-17 23:55
Updated : 2024-11-21 02:07
NVD link : CVE-2014-3085
Mitre link : CVE-2014-3085
CVE.ORG link : CVE-2014-3085
JSON object : View
Products Affected
ibm
- global_console_manager_16_firmware
- global_console_manager_32_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')