Unknown
CVE-2023-30988
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2023-30988
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016.
Add Assessment
Ratings
Technical Analysis
Based on the published details the vulnerable program object executes with *OWNER privileges (similarly to how SUID executables work), but use the Library List (similar to the PATH environment variable) of the executing user, who can thus replace program dependencies to make their code execute in the context of a different user profile. This other user profile (QAUTPROF) has authority to impersonate QFAXMSF (also installed as part of the vulnerable software package), that has *ALLOBJ (“All Object” – similar to uid=0) special authority on the system. This is a local privilege escalation from any user profile (with command line access) to complete control over the system.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- ibm
Products
- i 7.2,
- i 7.3,
- i 7.4,
- i 7.5
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
