Lucene search

IbmVULNRICHMENT:CVE-2024-25029

HistoryApr 06, 2024 - 11:51 a.m.

CVE-2024-25029 IBM Personal Communications code execution

2024-04-0611:51:45

CWE-119

ibm

github.com

ibm personal communications

rce

lpe

vulnerability

windows service

network access

privilege escalation

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:personal_communications:14.0.6:*:*:*:*:*:*:*"
    ],
    "vendor": "ibm",
    "product": "personal_communications",
    "versions": [
      {
        "status": "affected",
        "version": "14.0.6",
        "versionType": "custom",
        "lessThanOrEqual": "15.0.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/281619

www.ibm.com/support/pages/node/7147672

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-25029