CVE-2023-38721

The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
I	Ibm	7.2 (including)	7.2 (including)
I	Ibm	7.3 (including)	7.3 (including)
I	Ibm	7.4 (including)	7.4 (including)
I	Ibm	7.5 (including)	7.5 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/262173
https://www.ibm.com/support/pages/node/7023423
https://exchange.xforce.ibmcloud.com/vulnerabilities/262173
https://www.ibm.com/support/pages/node/7023423

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-38721
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References