IBM GCM16 / GCM32 Global Console Manager KVM Switch Firmware Version < 126.96.36.19947 Multiple Vulnerabilities
High Nessus Plugin ID 77003
Synopsis
The web interface running on the remote host is affected by multiple vulnerabilities.
Description
According to its self-reported version, the remote host is an IBM Global Console Manager KVM switch with a firmware version prior to 188.8.131.5247. It is, therefore, affected by the following vulnerabilities:
- A reflected cross-site scripting attack via 'kvm.cgi' or 'avctalert.php'. (CVE-2014-3080)
- Unauthorized file access via the 'filename' parameter of the 'prodtest.php' script. (CVE-2014-3081)
- Remote code injection via the 'lpre' parameter of the 'systest.php' script. (CVE-2014-3085)
Solution
Upgrade to firmware version 184.108.40.20647 or later.