IBM Personal Communications Vulnerable to Remote Code Execution and Local Privilege Escalation

CVE-2024-25029

9 CRITICAL

Key Information

Vendor
IBM
Status
Personal Communications
Vendor
CVE Published: 6 April 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.

Affected Version(s)

Personal Communications <= 15.0.1

News Articles

CVE-2024-25029 Affects IBM's Personal Communications

IBM has released an advisory and client update to help users deal with CVE-2024-25029 but has stated that its exploitability is not yet certain.

8 months ago

References

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • First article discovered by The Cyber Express

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)