Command Injection Vulnerability in IBM Avocent KVM Switch
CVE-2013-0526

Currently unrated

Key Information:

Vendor: IBM
Status: Global Console Manager 16 Firmware; Global Console Manager 32 Firmware
Vendor: CVE Published:; 21 August 2013

Summary

The Global Console Manager versions 16 and 32 prior to 1.20.0.22575 on the IBM Avocent 1754 KVM switch have a vulnerability that allows remote authenticated users to execute arbitrary commands. This issue arises from improper handling of shell metacharacters in the 'count' and 'size' parameters, posing significant security risks to users and systems relying on these KVM switches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/85367

vdb-entryx_refsource_XF

http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm...

x_refsource_MISC

http://www.ibm.com/support/entry/portal/docdisplay?lndoci...

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 21, 2013
Vulnerability Reserved
Dec 16, 2012