PT-2013-2404 · Raritan · Global Console Manager

Published

2013-08-21

Updated

2017-08-29

CVE-2013-0526

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Global Console Manager versions prior to 1.20.0.22575

Description The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the count or size parameter of the ping.php file.

Recommendations For versions prior to 1.20.0.22575, update to version 1.20.0.22575 or later to resolve the issue. As a temporary workaround, consider restricting access to the ping.php file to minimize the risk of exploitation. Avoid using the count and size parameters in the ping.php file until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-0526

Affected Products

Global Console Manager

PT-2013-2404 · Raritan · Global Console Manager

CVE-2013-0526

Weakness Enumeration

Related Identifiers

Affected Products

References · 5