Permissions, Privileges, and Access Controls in IBM AIX - CVE-2024-27273

 


Published: May 7, 2024


Vulnerability identifier: #VU89225
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-27273
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software: IBM AIX

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the Unix domain datagram socket implementation in IBM AIX could potentially expose applications that use Unix domain datagram sockets with the SO_PEERID operation. A local user can exploit the vulnerability to bypass security restrictions and escalate privileges on the system.


How to mitigate CVE-2024-27273

Install updates from the vendor's website.
