IBM Power HMC privilege escalation
CVE-2023-38280

8.4HIGH

Key Information:

Vendor: IBM
Status: Power Hmc
Vendor: CVE Published:; 16 October 2023

What is CVE-2023-38280?

The IBM Hardware Management Console versions 10.1.1010.0 and 10.2.1030.0 contain a vulnerability that allows a local user to elevate their privileges, granting them root access within a restricted shell. This can lead to unauthorized access and potential manipulation of system settings, posing a significant risk to the overall system integrity.

Affected Version(s)

Power HMC 10.1.1010.0, 10.2.1030.0

References

https://www.ibm.com/support/pages/node/7047713

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/260740

vdb-entry

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2023
Vulnerability Reserved
Jul 14, 2023