Description
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.
Exploits (1)
exploitdb
WORKING POC
by Alejandro Alvarez Bravo · textremotehardware
https://www.exploit-db.com/exploits/27706
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85367
Various Sources x_refsource_misc
http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm1632-de-ibm.html
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509
Scores
EPSS
0.0935
EPSS Percentile
92.8%
Details
CWE
CWE-20
Status
published
Products (2)
ibm/global_console_manager_16_firmware
< 1.18.0.22011
ibm/global_console_manager_32_firmware
< 1.18.0.22011
Published
Aug 21, 2013
Tracked Since
Feb 18, 2026