ID

VAR-201308-0129


CVE

CVE-2013-0526


TITLE

GCM16 and GCM32 on the IBM Avocent 1754 KVM switch are vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2013-003841

DESCRIPTION

ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter. The vulnerability stems from a web application variable not being properly filtered, and an attacker can exploit it to execute arbitrary commands with root privileges. The IBM 1754 GCM Series provides KVM and serial console management over IP in a single device. The product supports AES encryption, LDAP, and smart card/common access card (CAC) readers, among other features, enabling centralized authentication and local or remote system access.

Trust: 2.52

sources: NVD: CVE-2013-0526 // JVNDB: JVNDB-2013-003841 // CNVD: CNVD-2013-12510 // BID: 61816 // VULHUB: VHN-60528

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-12510

AFFECTED PRODUCTS

vendor: ibm, model: global console manager 16, scope: lte, version: 1.18.0.22011

Trust: 1.0

vendor: ibm, model: global console manager 32, scope: lte, version: 1.18.0.22011

Trust: 1.0

vendor: ibm, model: 1754 gcm16 global console manager, scope: lt, version: 1.20.0.22575

Trust: 0.8

vendor: ibm, model: 1754 gcm32 global console manager, scope: lt, version: 1.20.0.22575

Trust: 0.8

vendor: ibm, model: avocent, scope: eq, version: 1754 kvm

Trust: 0.8

vendor: ibm, model: gcm16 global console manager, scope: eq, version: 1754<=1.18.0.22011

Trust: 0.6

vendor: ibm, model: gcm32 global console manager, scope: eq, version: 1754<=1.18.0.22011

Trust: 0.6

vendor: ibm, model: global console manager 16, scope: eq, version: 1.18.0.22011

Trust: 0.6

vendor: ibm, model: global console manager 32, scope: eq, version: 1.18.0.22011

Trust: 0.6

vendor: ibm, model: gcm32 global console manager, scope: eq, version: 17541.18.0.22011

Trust: 0.3

vendor: ibm, model: gcm16 global console manager, scope: eq, version: 17541.18.0.22011

Trust: 0.3

vendor: ibm, model: gcm32 global console manager, scope: ne, version: 17541.20.0.22575

Trust: 0.3

vendor: ibm, model: gcm16 global console manager, scope: ne, version: 17541.20.0.22575

Trust: 0.3

sources: CNVD: CNVD-2013-12510 // BID: 61816 // JVNDB: JVNDB-2013-003841 // CNNVD: CNNVD-201308-294 // NVD: CVE-2013-0526

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0526
value: HIGH

Trust: 1.0

NVD: CVE-2013-0526
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-12510
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201308-294
value: HIGH

Trust: 0.6

VULHUB: VHN-60528
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-0526
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-12510
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-60528
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-12510 // VULHUB: VHN-60528 // JVNDB: JVNDB-2013-003841 // CNNVD: CNNVD-201308-294 // NVD: CVE-2013-0526

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

sources: VULHUB: VHN-60528 // NVD: CVE-2013-0526

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-294

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201308-294

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003841

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-60528

PATCH

title: IBM GCM16 KVM Switch Remote Command Execution (CVE-2013-0526), url: http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509

Trust: 0.8

title: Patches for multiple command execution vulnerabilities in IBM 1754 GCM16 and GCM32 Global Console Managers, url: https://www.cnvd.org.cn/patchInfo/show/38278

Trust: 0.6

sources: CNVD: CNVD-2013-12510 // JVNDB: JVNDB-2013-003841

EXTERNAL IDS

db: NVD, id: CVE-2013-0526

Trust: 3.4

db: BID, id: 61816

Trust: 1.6

db: JVNDB, id: JVNDB-2013-003841

Trust: 0.8

db: CNNVD, id: CNNVD-201308-294

Trust: 0.7

db: CNVD, id: CNVD-2013-12510

Trust: 0.6

db: XF, id: 85367

Trust: 0.6

db: XF, id: 20130526

Trust: 0.6

db: SEEBUG, id: SSVID-81301

Trust: 0.1

db: EXPLOIT-DB, id: 27706

Trust: 0.1

db: PACKETSTORM, id: 122843

Trust: 0.1

db: VULHUB, id: VHN-60528

Trust: 0.1

sources: CNVD: CNVD-2013-12510 // VULHUB: VHN-60528 // BID: 61816 // JVNDB: JVNDB-2013-003841 // CNNVD: CNNVD-201308-294 // NVD: CVE-2013-0526

REFERENCES

url: http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093509

Trust: 1.7

url: http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm1632-de-ibm.html

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/85367

Trust: 1.1

url: http://seclists.org/fulldisclosure/2013/aug/180

Trust: 0.9

url: http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5093509

Trust: 0.9

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0526

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0526

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/85367

Trust: 0.6

url: http://www.securityfocus.com/bid/61816

Trust: 0.6

url: http://www.redbooks.ibm.com/abstracts/tips0772.html

Trust: 0.3

sources: CNVD: CNVD-2013-12510 // VULHUB: VHN-60528 // BID: 61816 // JVNDB: JVNDB-2013-003841 // CNNVD: CNNVD-201308-294 // NVD: CVE-2013-0526

CREDITS

Alejandro Alvarez Bravo

Trust: 0.9

sources: BID: 61816 // CNNVD: CNNVD-201308-294

SOURCES

db: CNVD, id: CNVD-2013-12510
db: VULHUB, id: VHN-60528
db: BID, id: 61816
db: JVNDB, id: JVNDB-2013-003841
db: CNNVD, id: CNNVD-201308-294
db: NVD, id: CVE-2013-0526

LAST UPDATE DATE

2025-04-11T23:18:53.879000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-12510, date: 2013-08-22T00:00:00
db: VULHUB, id: VHN-60528, date: 2017-08-29T00:00:00
db: BID, id: 61816, date: 2013-08-16T00:00:00
db: JVNDB, id: JVNDB-2013-003841, date: 2013-08-23T00:00:00
db: CNNVD, id: CNNVD-201308-294, date: 2013-08-29T00:00:00
db: NVD, id: CVE-2013-0526, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-12510, date: 2013-08-21T00:00:00
db: VULHUB, id: VHN-60528, date: 2013-08-21T00:00:00
db: BID, id: 61816, date: 2013-08-16T00:00:00
db: JVNDB, id: JVNDB-2013-003841, date: 2013-08-23T00:00:00
db: CNNVD, id: CNNVD-201308-294, date: 2013-08-29T00:00:00
db: NVD, id: CVE-2013-0526, date: 2013-08-21T16:55:07.417