IBM GCM16 / GCM32 Global Console Manager KVM Switch Firmware Version < Remote Code Execution

High Nessus Plugin ID 77002


The web interface running on the remote host is affected by a remote code execution vulnerability.


According to its self-reported version, the remote host is an IBM Global Console Manager KVM switch with a firmware version prior to It is, therefore, affected by a remote code execution vulnerability that could allow an authenticated attacker to execute commands as root via the 'ping.php' script's 'count' and 'size' parameters.


Upgrade to firmware version or later.

Plugin Details

Severity: High

ID: 77002

File Name: ibm_gcm_kvm_MIGR-5093509.nasl

Version: $Revision: 1.1 $

Type: remote

Family: Misc.

Published: 2014/08/05

Modified: 2014/08/05

Dependencies: 77001

Risk Information

Risk Factor: High


Base Score: 8.5

Temporal Score: 7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:ibm:avocent_1754_kvm, cpe:/o:ibm:global_console_manager_16_firmware, cpe:/o:ibm:global_console_manager_32_firmware

Required KB Items: Host/IBM/GCM/Version, Host/IBM/GCM/Model

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/07/23

Vulnerability Publication Date: 2013/08/15

Reference Information

CVE: CVE-2013-0526

BID: 61816

OSVDB: 96389