IBM Network Security Protection XGS Remote Code Execution (swg21690823) (credentialed check)

High Nessus Plugin ID 80335


The remote appliance has an application that is affected by a code execution vulnerability.


The firmware version installed on the remote IBM XGS appliance does not properly sanitize certain user-supplied inputs, which can allow a remote, authenticated attacker to execute shell commands with the privileges of the 'www-data' user via a standard HTTP request.


Apply the relevant patch referenced in the vendor's advisory.

Plugin Details

Severity: High

ID: 80335

File Name: ibm_xgs_swg21690823.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Misc.

Published: 2015/01/02

Modified: 2016/06/13

Dependencies: 80200

Risk Information

Risk Factor: High


Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:security_network_protection_firmware

Required KB Items: Host/IBM/XGS/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/11/19

Vulnerability Publication Date: 2014/11/19

Reference Information

CVE: CVE-2014-6183

BID: 71258

OSVDB: 114863