CVE-2013-0526

Published: Aug 21, 2013Modified: Apr 29, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.

Affected (2)

Products: Ibm: Global Console Manager 16 Firmware, Global Console Manager 32 Firmware

2 products

Global Console Manager 16 Firmware

Global Console Manager 32 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Global Console Manager 16 Firmware	Up to 1.18.0.22011
Ibm Global Console Manager 32 Firmware	Up to 1.18.0.22011

Running on/with	Platform Versions
Ibm Avocent 1754 Kvm	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm1632-de-ibm.html

Source: psirt@us.ibm.com

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/85367

Source: psirt@us.ibm.com

http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm1632-de-ibm.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/85367

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.