IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2024-04-06T11:51:45.548Z
Updated: 2024-06-19T22:10:54.453Z
Reserved: 2024-02-03T14:49:11.962Z
Link: CVE-2024-25029
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-06T12:15:08.400
Modified: 2024-04-08T18:48:40.217
Link: CVE-2024-25029
JSON object: View
Redhat Information
No data.
CWE