IBM Personal Communications Vulnerable to Remote Code Execution and Local Privilege Escalation

CVE-2024-25029

9CRITICAL

Key Information

Vendor: IBM
Status: Personal Communications
Vendor: CVE Published:; 6 April 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.

Affected Version(s)

Personal Communications <= 15.0.1

News Articles

The Cyber Express

CVE-2024-25029

CVE-2024-25029 Affects IBM's Personal Communications

IBM has released an advisory and client update to help users deal with CVE-2024-25029 but have stated that its exploitability is not yet certain.

7 months ago

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit exists.
Apr 9, 2024
First article discovered by The Cyber Express
Apr 9, 2024
Vulnerability published.
Apr 6, 2024
Vulnerability Reserved.
Feb 3, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)