CVE-2013-0526

high

Published 2013-08-21 · Modified 2026-04-29

CVSS v3

—

CVSS v2

8.5

VIR risk

8.5

Description

ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509

References

http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm1632-de-ibm.html
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509
https://exchange.xforce.ibmcloud.com/vulnerabilities/85367
http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm1632-de-ibm.html
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509
https://exchange.xforce.ibmcloud.com/vulnerabilities/85367

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.