IBM Fixes Code Execution, Cookie-Stealing Vulnerabilities in Switches

Type threatpost
Reporter Chris Brook
Modified 2014-07-25T14:02:58


IBM recently patched a handful of vulnerabilities in some of its KVM switches that, if exploited, could have given an attacker free reign over any system attached to it.

The problem specifically affects builds of IBM’s Global Console Managers; keyboard, video and mouse (KVM) switches that let end users remotely manager servers, routers and so on. Both versions GCM16 and GCM32 running firmware and earlier, should be considered vulnerable until patched.

Three CVEs in total were fixed according to a recent security advisory by the company, but the most important one was a problem that could have let a remote authenticated attacker execute code on the switch.

The second could have allowed an attacker to read any arbitrary file on the system while the last would’ve opened up both console switches to cross-site scripting.

The last issue stems from the way the switches validated user-supplied input. If the attacker wanted to he could simply send a special URL to execute script in the victim’s web browser and once clicked, the attacker could swipe the user’s cookie-based authentication credentials.

Alejandro Alvarez Bravo, a security researcher who specializes in digging up IBM vulnerabilities, especially in GCM, found these back in May but they weren’t patched until last Wednesday.

Bravo warned today on the Full Disclosure list that the same vulnerabilities are also present in some KVM switches manufactured by Dell – but it’s unclear which switches in particular are at risk.

Threatpost’s email inquiries to Dell were not immediately answered on Monday. Bravo also acknowledged on Full Disclosure that he has had difficulty getting a response from the company regarding the bugs.

IBM meanwhile is recommending those who are using old versions of the switches to upgrade their firmware versions to