This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The web interface running on the remote host is affected by multiple
According to its self-reported version, the remote host is an IBM
Global Console Manager KVM switch with a firmware version prior to
188.8.131.5247. It is, therefore, affected by the following
- A reflected cross-site scripting attack via 'kvm.cgi'
or 'avctalert.php'. (CVE-2014-3080)
- Unauthorized file access via the 'filename' parameter
of the 'prodtest.php' script. (CVE-2014-3081)
- Remote code injection via the 'lpre' parameter of the
'systest.php' script. (CVE-2014-3085)
See also :
Upgrade to firmware version 184.108.40.20647 or later.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.6
Public Exploit Available : true