CVE-2014-3085

IBM Global Console Manager 16 and 32 Firmware < 1.20.0.22575 - Authenticated OS Command Injection via lpres Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3085. PoCs published by Alejandro Alvarez Bravo.

AI-analyzed exploit summary: The exploit demonstrates remote code execution (RCE) and arbitrary file read vulnerabilities in IBM 1754 GCM KVM switches (v1.20.0.22575 and prior). It leverages improper input sanitization in `systest.php` and `prodtest.php` to execute commands and read files, respectively.

Description

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Alejandro Alvarez Bravo · text · remote · php
https://www.exploit-db.com/exploits/34132

Classification: Working PoC 95%
Attack Type: RCE | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: IBM 1754 GCM KVM switch v1.20.0.22575 and prior
Auth required
Prerequisites: Valid session ID (avctSessionId) · Network access to the target device
Analyzed by devstral-2 · Feb 16, 2026

References (4)

Core References
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/34132/
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/94091

Scores

EPSS: 0.0765
EPSS Percentile: 93.8%

Details

CWE: CWE-78
Status: published
Products (2):
ibm/global_console_manager_16_firmware < 1.20.0.22575
ibm/global_console_manager_32_firmware < 1.20.0.22575
Published: Aug 17, 2014
Tracked Since: Feb 18, 2026