AIX Vulnerability Allows Non-Privileged Users to Execute Arbitrary Commands

CVE-2024-27260

8.4HIGH

Key Information

Vendor: IBM
Status: Aix
Vendor: Published:; 16 May 2024

Summary

IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.

Affected Version(s)

AIX = 7.2, 7.3, VIOS 3.1, VIOS 4.1

AIX = cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*

AIX = cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Timeline

Vulnerability published.
May 16, 2024
Vulnerability Reserved.
Feb 22, 2024

Collectors

NVD DatabaseMitre Database