IBM Personal Communications Vulnerable to Remote Code Execution and Local Privilege Escalation
CVE-2024-25029

9 CRITICAL

Key Information:

Vendor: IBM
CVE Published: 6 April 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

IBM Personal Communications versions 14.0.6 through 15.0.1 contain a Windows service with a vulnerability that exposes affected systems to remote code execution and local privilege escalation. This vulnerability enables an attacker with unprivileged access and network capabilities to execute commands at the level of NT AUTHORITY\SYSTEM. Consequently, this can lead to unauthorized lateral movement across networks and elevation of privileges, significantly compromising system integrity and security.

Affected Version(s)

Personal Communications 14.0.6 <= 15.0.1

News Articles

CVE-2024-25029 Affects IBM's Personal Communications

IBM has released an advisory and client update to help users deal with CVE-2024-25029 but has stated that its exploitability is not yet certain.

10 months ago

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Cyber Express

  • Vulnerability published

  • Vulnerability Reserved
