CVE-2014-3085

IBM Global Console Manager 16 Firmware - OS Command Injection

Title source: rule

Description

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alejandro Alvarez Bravo · textremotephp

https://www.exploit-db.com/exploits/34132

View Code ZIP pw:eip

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/34132/

Vendor Advisory x_refsource_confirm

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/94091

Scores

EPSS 0.1572

EPSS Percentile 94.7%

Details

CWE

CWE-78

Status published

Products (2)

ibm/global_console_manager_16_firmware < 1.20.0.22575

ibm/global_console_manager_32_firmware < 1.20.0.22575

Published Aug 17, 2014

Tracked Since Feb 18, 2026