First published: Wed May 15 2024(Updated: )
IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM AIX | <=7.2 | |
IBM AIX | <=7.3 | |
IBM Virtual I/O Server (VIOS) | <=3.1 | |
IBM Virtual I/O Server (VIOS) | <=4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-27260 is considered a high-severity vulnerability due to its potential for arbitrary command execution by a non-privileged local user.
To fix CVE-2024-27260, update your IBM AIX or VIOS to the latest patched version provided by IBM.
CVE-2024-27260 affects IBM AIX versions 7.2 and 7.3, as well as VIOS versions 3.1 and 4.1.
CVE-2024-27260 allows a non-privileged local user to exploit the invscout command to execute arbitrary commands.
CVE-2024-27260 was disclosed in 2024, and affected users should take immediate action to mitigate the vulnerability.