Vulnerability Description
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Global Console Manager 16 Firmware | <= 1.18.0.22011 |
| Ibm | Global Console Manager 32 Firmware | <= 1.18.0.22011 |
| Ibm | Avocent 1754 Kvm | - |
Related Weaknesses (CWE)
References
- http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm1632-de-ibm.html
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85367
- http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm1632-de-ibm.html
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85367
FAQ
What is CVE-2013-0526?
CVE-2013-0526 is a vulnerability with a CVSS score of 8.5 (HIGH). ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary comman...
How severe is CVE-2013-0526?
CVE-2013-0526 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0526?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Global Console Manager 16 Firmware, Ibm Global Console Manager 32 Firmware, Ibm Avocent 1754 Kvm.