IBM GCM16 / GCM32 Global Console Manager KVM Switch Firmware Version < 1.20.20.23447 Multiple Vulnerabilities

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The web interface running on the remote host is affected by multiple
vulnerabilities.

Description :

According to its self-reported version, the remote host is an IBM
Global Console Manager KVM switch with a firmware version prior to
1.20.20.23447. It is, therefore, affected by the following
vulnerabilities :

- A reflected cross-site scripting attack via 'kvm.cgi'
or 'avctalert.php'. (CVE-2014-3080)

- Unauthorized file access via the 'filename' parameter
of the 'prodtest.php' script. (CVE-2014-3081)

- Remote code injection via the 'lpre' parameter of the
'systest.php' script. (CVE-2014-3085)

See also :

http://www.nessus.org/u?8a682f40
http://www.nessus.org/u?4046838c

Solution :

Upgrade to firmware version 1.20.20.23447 or later.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 77003 ()

Bugtraq ID: 68777
68779
68939

CVE ID: CVE-2014-3080
CVE-2014-3081
CVE-2014-3085

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now