Lucene search

IbmCVELIST:CVE-2023-40685

HistoryOct 29, 2023 - 1:00 a.m.

CVE-2023-40685 IBM i privilege escalation

2023-10-2901:00:45

CWE-269

ibm

www.cve.org

ibm i

privilege escalation

management central

vulnerability

root access

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "i",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.2, 7.3, 7.4, 7.5"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/264116

www.ibm.com/support/pages/node/7060686

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-40685