History: Aug 17, 2014 - 11:55 p.m.

CVE-2014-3085

2014-08-17 23:55:06
CWE-78
ibm
web.nvd.nist.gov
Tags: cve-2014-3085, systest.php, ibm, gcm16, gcm32, global console manager, firmware, remote authenticated users, arbitrary commands, shell metacharacters, lpres parameter, security vulnerability

CVSS2

Score: 7.1
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

AI Score: 7.3
Confidence: Low

EPSS: 0.004
Percentile: 72.2%

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.

Affected configurations

Nvd

Node: ibm global_console_manager_16_firmware, Range 1.20.0.22575
OR
Node: ibm global_console_manager_32_firmware, Range 1.20.0.22575

| Vendor | Product | Version | CPE |
| ibm | global_console_manager_16_firmware | * | cpe:2.3:o:ibm:global_console_manager_16_firmware:*:*:*:*:*:*:*:* |
| ibm | global_console_manager_32_firmware | * | cpe:2.3:o:ibm:global_console_manager_32_firmware:*:*:*:*:*:*:*:* |
