Summary
IBM 1754 GCM16 and GCM32 Global Console Managers are prone to multiple command-execution vulnerabilities because they fail to sanitize user-supplied input.
Impact
Successful exploit of these issues may allow an attacker to execute arbitrary commands with the privileges of the root user.
Impact Level: System
Solution
Updates (Version 1.18.0.22011) are available.
Insight
IBM 1754 GCM16 and GCM32 versions 1.18.0.22011 and below contain a flaw that allows a remote authenticated user to execute unauthorized commands as root. This flaw exist because webapp variables are not sanitized.
Affected
IBM 1754 GCM16 Global Console Manager 1.18.0.22011 and prior IBM 1754 GCM32 Global Console Manager 1.18.0.22011 and prior
Detection
Check if the firmware version is greater than 1.18.0.22011
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-0526 -
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- Admin News Tools Multiple Vulnerabilities
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability