CVE-2024-25029

Name of the Vulnerable Software and Affected Versions IBM Personal Communications versions 14.0.6 through 15.0.1

Description The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITYSYSTEM. This enables a low-privileged attacker to move laterally to affected systems and escalate their privileges. The issue concerns a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE).

Recommendations For IBM Personal Communications versions 14.0.6 through 15.0.1, consider disabling the vulnerable Windows service as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.