CVE-2014-3085 Information

Description

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.

Reference

http://packetstormsecurity.com/files/127543/IBM-1754-GCM-KVM-Code-Execution-File-Read-XSS.html http://www.exploit-db.com/exploits/34132/ http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095983 https://exchange.xforce.ibmcloud.com/vulnerabilities/94091