CVE-2024-25029
CVSS V2 None
CVSS V3 None
Description
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
Overview
- CVE ID
- CVE-2024-25029
- Assigner
- ibm
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-04-06T11:51:45.548Z
- Last Modified Date
- 2024-06-19T22:10:54.453Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://www.ibm.com/support/pages/node/7147672 | vendor-advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/281619 | vdb-entry |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-25029 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25029 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 13:02:37 | Added to TrackCVE |