IBM GCM16 / GCM32 Global Console Manager KVM Switch Firmware Version < Multiple Vulnerabilities

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The web interface running on the remote host is affected by multiple

Description :

According to its self-reported version, the remote host is an IBM
Global Console Manager KVM switch with a firmware version prior to It is, therefore, affected by the following
vulnerabilities :

- A reflected cross-site scripting attack via 'kvm.cgi'
or 'avctalert.php'. (CVE-2014-3080)

- Unauthorized file access via the 'filename' parameter
of the 'prodtest.php' script. (CVE-2014-3081)

- Remote code injection via the 'lpre' parameter of the
'systest.php' script. (CVE-2014-3085)

Solution :

Upgrade to firmware version or later.

Risk factor :

High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.6
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 77003

Bugtraq ID: 68777

CVE ID: CVE-2014-3080
