Vulnerability Description
systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Global Console Manager 16 Firmware | <= 1.20.0.22575 |
| Ibm | Global Console Manager 32 Firmware | <= 1.20.0.22575 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-FileExploit
- http://www.exploit-db.com/exploits/34132/Exploit
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94091
- http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-FileExploit
- http://www.exploit-db.com/exploits/34132/Exploit
- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94091
FAQ
What is CVE-2014-3085?
CVE-2014-3085 is a vulnerability with a CVSS score of 7.1 (HIGH). systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lp...
How severe is CVE-2014-3085?
CVE-2014-3085 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3085?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Global Console Manager 16 Firmware, Ibm Global Console Manager 32 Firmware.