VAR-201408-0283
Vulnerability from variot - Updated: 2025-04-13 23:05systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter. IBM 1754 GCM16 and GCM32 Global Console Managers are prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions. The following versions are vulnerable: IBM 1754 GCM16 Global Console Manager running firmware 1.20.0.22575 and prior IBM 1754 GCM32 Global Console Manager running firmware 1.20.0.22575 and prior. The product supports AES encryption, LDAP and smart card/common access card (CAC) readers and more, enabling centralized authentication and local or remote system access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0283",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "global console manager 32",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "1.20.0.22575"
},
{
"model": "global console manager 16",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "1.20.0.22575"
},
{
"model": "1754 gcm16 global console manager",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "1.20.20.23447"
},
{
"model": "1754 gcm32 global console manager",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "1.20.20.23447"
},
{
"model": "global console manager 16",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "1.20.0.22575"
},
{
"model": "global console manager 32",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "1.20.0.22575"
},
{
"model": "gcm32 global console manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17541.20.0.22575"
},
{
"model": "gcm32 global console manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17541.18.0.22011"
},
{
"model": "gcm16 global console manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17541.20.0.22575"
},
{
"model": "gcm16 global console manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17541.18.0.22011"
},
{
"model": "gcm32 global console manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "17541.20.20.23447"
},
{
"model": "gcm16 global console manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "17541.20.20.23447"
}
],
"sources": [
{
"db": "BID",
"id": "68939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-046"
},
{
"db": "NVD",
"id": "CVE-2014-3085"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ibm:global_console_manager_16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:global_console_manager_32_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alejandro Alvarez Bravo",
"sources": [
{
"db": "BID",
"id": "68939"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-046"
}
],
"trust": 0.9
},
"cve": "CVE-2014-3085",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2014-3085",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-71024",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3085",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-3085",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-046",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-71024",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-3085",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71024"
},
{
"db": "VULMON",
"id": "CVE-2014-3085"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-046"
},
{
"db": "NVD",
"id": "CVE-2014-3085"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter. IBM 1754 GCM16 and GCM32 Global Console Managers are prone to an unspecified remote code-execution vulnerability. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions. \nThe following versions are vulnerable:\nIBM 1754 GCM16 Global Console Manager running firmware 1.20.0.22575 and prior\nIBM 1754 GCM32 Global Console Manager running firmware 1.20.0.22575 and prior. The product supports AES encryption, LDAP and smart card/common access card (CAC) readers and more, enabling centralized authentication and local or remote system access",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3085"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
},
{
"db": "BID",
"id": "68939"
},
{
"db": "VULHUB",
"id": "VHN-71024"
},
{
"db": "VULMON",
"id": "CVE-2014-3085"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71024",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=34132",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71024"
},
{
"db": "VULMON",
"id": "CVE-2014-3085"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3085",
"trust": 2.9
},
{
"db": "EXPLOIT-DB",
"id": "34132",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "127543",
"trust": 1.2
},
{
"db": "BID",
"id": "68939",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003833",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-046",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "60260",
"trust": 0.6
},
{
"db": "XF",
"id": "94091",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71024",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-3085",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71024"
},
{
"db": "VULMON",
"id": "CVE-2014-3085"
},
{
"db": "BID",
"id": "68939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-046"
},
{
"db": "NVD",
"id": "CVE-2014-3085"
}
]
},
"id": "VAR-201408-0283",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71024"
}
],
"trust": 0.7666666999999999
},
"last_update_date": "2025-04-13T23:05:08.370000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MIGR-5095983",
"trust": 0.8,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71024"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
},
{
"db": "NVD",
"id": "CVE-2014-3085"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.exploit-db.com/exploits/34132/"
},
{
"trust": 1.8,
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/127543/ibm-1754-gcm-kvm-code-execution-file-read-xss.html"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94091"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3085"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3085"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/68939"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/94091"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60260"
},
{
"trust": 0.3,
"url": "http://www.redbooks.ibm.com/abstracts/tips0772.html"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71024"
},
{
"db": "VULMON",
"id": "CVE-2014-3085"
},
{
"db": "BID",
"id": "68939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-046"
},
{
"db": "NVD",
"id": "CVE-2014-3085"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71024"
},
{
"db": "VULMON",
"id": "CVE-2014-3085"
},
{
"db": "BID",
"id": "68939"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-046"
},
{
"db": "NVD",
"id": "CVE-2014-3085"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-71024"
},
{
"date": "2014-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3085"
},
{
"date": "2014-07-22T00:00:00",
"db": "BID",
"id": "68939"
},
{
"date": "2014-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003833"
},
{
"date": "2014-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-046"
},
{
"date": "2014-08-17T23:55:06.947000",
"db": "NVD",
"id": "CVE-2014-3085"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-71024"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3085"
},
{
"date": "2014-07-22T00:00:00",
"db": "BID",
"id": "68939"
},
{
"date": "2014-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003833"
},
{
"date": "2014-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-046"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3085"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM GCM16 and GCM32 Global Console Manager Switch firmware systest.php Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003833"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-046"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…