CVE-2024-27260

CWE-2503 documents3 sources

Severity

8.4HIGH

EPSS

0.1%

top 77.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM AIX IBM Vios

Timeline

PublishedMay 16

Description

IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages3 packages

▶NVDibm/vios3.1, 4.1+1

▶CVEListV5ibm/aix7.2, 7.3, VIOS 3.1, VIOS 4.1

▶NVDibm/aix7.2, 7.3+1

🔴Vulnerability Details

CVEList

IBM AIX command execution↗2024-05-16

▶

GHSA

GHSA-93fp-jhr5-hvm4: IBM AIX could 7↗2024-05-16

▶