Vulnerability Details : CVE-2014-3085
systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.
Exploit prediction scoring system (EPSS) score for CVE-2014-3085
Probability of exploitation activity in the next 30 days: 0.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3085
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.1
|
HIGH | AV:N/AC:H/Au:S/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2014-3085
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3085
-
http://www.exploit-db.com/exploits/34132/
IBM GCM16/32 1.20.0.22575 - Multiple Vulnerabilities - PHP remote ExploitExploit
-
http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html
IBM 1754 GCM KVM Code Execution / File Read / XSS ≈ Packet StormExploit
-
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983
IBM Security Bulletin: Three potential vulnerabilities in IBM GCM16/GCM32 Global Console Managers (CVE-2014-3085, CVE-2014-3081, CVE-2014-3080)Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/94091
IBM GCM16/GCM32 Global Console Managers remote code execution CVE-2014-3085 Vulnerability Report
Products affected by CVE-2014-3085
- cpe:2.3:o:ibm:global_console_manager_16_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:global_console_manager_32_firmware:*:*:*:*:*:*:*:*