CVE-2024-27275

7.4 HIGH

📋 TL;DR

CVE-2024-27275 is a local privilege escalation in IBM i 7.2, 7.3, 7.4 and 7.5. A physical file trigger program runs inside the job of whichever user performs the insert, update or delete that fires it, with that user's authority. This CVE describes a non-administrative user attaching a trigger program of their choosing to a physical file and then getting a more privileged user to access that file, so the attacker-controlled code executes with the victim's authority, up to full administrative control of the system.

💻 Affected Systems

Products:
  • IBM i
Versions: 7.2, 7.3, 7.4, 7.5
Operating Systems: IBM i
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated local user profile on the IBM i system plus a more privileged user subsequently accessing the manipulated file (social engineering or a file that administrators touch routinely).

📦 What is this software?

IBM i (formerly OS/400 and i5/OS) is IBM's integrated operating system for Power Systems, with Db2 for i built in. Physical files are its native database tables, and a physical file trigger attaches a user-written program to insert, update or delete operations on such a file.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains full administrative control of the IBM i system, enabling data theft, system modification, persistence establishment, and lateral movement within the environment.

🟠

Likely Case

Local attackers escalate privileges to perform unauthorized administrative actions, potentially compromising sensitive data and system integrity.

🟢

If Mitigated

With the PTF applied, or with trigger management authority limited to administrators and trigger changes audited, an attempt shows up as a trigger added by a non-administrative profile before a privileged user touches the file, and it can be removed before any escalation occurs.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and social engineering, making it more complex than purely technical attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM security updates as specified in advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7157637

Restart Required: Yes

Instructions:

1. Review IBM security bulletin 7157637 and identify the PTF listed for your release (7.2, 7.3, 7.4 or 7.5).
2. Load and apply the PTF (LODPTF / APYPTF, or through your normal PTF process).
3. IPL or restart affected services as the PTF cover letter requires.

🔧 Temporary Workarounds

Restrict trigger configuration

Limit the ability to add or change physical file triggers to administrators. ADDPFTRG requires object management (*OBJMGT) or object alter (*OBJALTER) authority to the file and *USE authority to the trigger program, so the primary control is to remove those authorities from ordinary users on files that privileged profiles read or update. As defense in depth, also exclude *PUBLIC from the trigger commands themselves (profiles with *ALLOBJ special authority are unaffected; this assumes triggers are being added through the CL commands):

GRTOBJAUT OBJ(QSYS/ADDPFTRG) OBJTYPE(*CMD) USER(*PUBLIC) AUT(*EXCLUDE)
GRTOBJAUT OBJ(QSYS/CHGPFTRG) OBJTYPE(*CMD) USER(*PUBLIC) AUT(*EXCLUDE)

SQL CREATE TRIGGER creates triggers without these commands, so command authority alone is not sufficient; file-level authority is the control that matters.

🧯 If You Can't Patch

  • Remove *OBJMGT/*OBJALTER authority from ordinary users on physical files that privileged profiles access, so they cannot add triggers to them; review existing triggers (DSPFD TYPE(*TRG) or QSYS2.SYSTRIGGERS) for trigger programs in user libraries or owned by non-administrative profiles
  • Enable command auditing (*CMD) for non-administrative profiles and alert on ADDPFTRG, CHGPFTRG and RMVPFTRG in the QAUDJRN audit journal; keep administrative profiles away from files writable by other users where possible

🔍 How to Verify

Check if Vulnerable:

Check the installed release and whether the PTF named in the bulletin for that release is applied. DSPPTF LICPGM(5770SS1) shows the release of the base operating system (product 5770SS1) and every PTF loaded for it; compare against the PTF numbers in IBM bulletin 7157637.

Check Version:

DSPPTF LICPGM(5770SS1)

Verify Fix Applied:

Run DSPPTF LICPGM(5770SS1) SELECT(<PTF number from the bulletin>) and confirm the status is Temporarily applied or Permanently applied (an applied superseding PTF also counts). WRKPTFGRP shows the group PTF level if the fix was delivered in a group. Then re-check the trigger inventory (DSPFD TYPE(*TRG) or QSYS2.SYSTRIGGERS) for triggers that were added before the fix.
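The same two checks as Db2 for i SQL, which is what you would run from ACS Run SQL Scripts or STRSQL. This is an added example, not text from the page or from IBM; it assumes the SYSIBMADM.ENV_SYS_INFO and QSYS2.PTF_INFO views are available on your release, and the placeholder <PTF> must be replaced with the PTF number for your release taken from bulletin 7157637 (no PTF numbers are reproduced here).

```sql
-- Added example (not from the page or IBM). Assumptions: SYSIBMADM.ENV_SYS_INFO
-- and QSYS2.PTF_INFO exist on the release in use; '<PTF>' is a placeholder for
-- the PTF number listed in IBM bulletin 7157637 for that release.

-- 1. Which release is this system running? OS_VERSION / OS_RELEASE give
--    the major and minor release, e.g. 7 and 4 for IBM i 7.4.
SELECT OS_NAME, OS_VERSION, OS_RELEASE
  FROM SYSIBMADM.ENV_SYS_INFO;

-- 2. Is the fix PTF applied for the base operating system (5770SS1)?
--    No row at all means the PTF is not even loaded on this system.
--    PTF_LOADED_STATUS should read 'APPLIED' or 'PERMANENTLY APPLIED'.
--    A PTF_IPL_ACTION other than 'NONE' means an IPL is still pending.
--    PTF_SUPERSEDED_BY_PTF tells you which later PTF to check instead.
SELECT PTF_IDENTIFIER,
       PTF_LOADED_STATUS,
       PTF_IPL_ACTION,
       PTF_SUPERSEDED_BY_PTF
  FROM QSYS2.PTF_INFO
 WHERE PTF_PRODUCT_ID = '5770SS1'
   AND PTF_IDENTIFIER = '<PTF>';
```

If the second query reports the PTF as superseded, repeat it with the superseding PTF number; a superseded PTF that was never applied does not protect the system.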

📡 Detection & Monitoring

Log Indicators:

  • CD (command string) entries in the QAUDJRN audit journal for ADDPFTRG, CHGPFTRG or RMVPFTRG run by non-administrative profiles (requires *CMD in QAUDLVL or in the user's AUDLVL)
  • New rows in QSYS2.SYSTRIGGERS whose trigger program sits in a user library or is owned by a non-administrative profile, especially on files that privileged users access
  • Post-escalation activity in the audit journal, such as CP entries (user profile created or changed) or authority changes that administrators did not make

Network Indicators:

  • None specific to this CVE; exploitation is local. Look instead for administrative actions originating from sessions (5250, ODBC, SSH) that belong to non-administrative accounts

SIEM Query:

source="ibm_i_qaudjrn" journal_entry_type="CD" (entry_data="*ADDPFTRG*" OR entry_data="*CHGPFTRG*" OR entry_data="*RMVPFTRG*") NOT user IN (<administrative profiles>)

Field names above are illustrative; they depend on how your log forwarder maps QAUDJRN entries.
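The two log indicators as Db2 for i queries that can be run directly on the system, as an added example (not from the page or IBM). Assumptions: the QSYS2.SYSTRIGGERS view, the QSYS2.OBJECT_STATISTICS table function with its three-argument form (library, type list, object name) and the QSYS2.DISPLAY_JOURNAL table function exist on your release; QSYS/QAUDJRN is collecting CD entries; the list of administrative owners is a constructed placeholder to extend for your site; and the CAST of ENTRY_DATA to VARCHAR is accepted on your release (on 7.4 and 7.5 the QSYS2.AUDIT_JOURNAL_CD function returns the command string already parsed, if you prefer it).

```sql
-- Added example (not from the page or IBM). See the lead-in for assumptions.

-- 1. Inventory every external trigger and who owns the program it calls.
--    A trigger on a widely used file whose program is owned by an ordinary
--    user profile is the configuration this CVE turns into an escalation:
--    the program runs in the job of whoever touches the file.
SELECT t.EVENT_OBJECT_SCHEMA     AS file_library,
       t.EVENT_OBJECT_TABLE      AS file_name,
       t.EVENT_MANIPULATION      AS on_event,
       t.ACTION_TIMING           AS timing,
       t.ENABLED,
       t.TRIGGER_PROGRAM_LIBRARY AS pgm_library,
       t.TRIGGER_PROGRAM_NAME    AS pgm_name,
       p.OBJOWNER                AS pgm_owner
  FROM QSYS2.SYSTRIGGERS t,
       TABLE(QSYS2.OBJECT_STATISTICS(t.TRIGGER_PROGRAM_LIBRARY, '*PGM',
                                     t.TRIGGER_PROGRAM_NAME)) p
 WHERE t.TRIGGER_PROGRAM_NAME IS NOT NULL           -- external triggers only
   AND t.TRIGGER_PROGRAM_LIBRARY NOT LIKE 'Q%'      -- skip IBM-supplied libraries
   AND p.OBJOWNER NOT IN ('QSECOFR', 'QSYS')        -- constructed admin list; extend it
 ORDER BY file_library, file_name;
-- A trigger whose program no longer exists is dropped by the join above;
-- such dangling triggers deserve a separate look.

-- 2. Who has added, changed or removed triggers in the last 30 days?
--    CD entries carry the full command string in ENTRY_DATA. JOB_USER is the
--    job's user profile, which can differ from the current user after a
--    profile swap. SQL CREATE TRIGGER is not a CL command and is not
--    reliably captured here; query 1 is the catch-all for those.
WITH cmd AS (
  SELECT ENTRY_TIMESTAMP, JOB_NAME, JOB_USER, JOB_NUMBER,
         UPPER(CAST(ENTRY_DATA AS VARCHAR(300))) AS command_text
    FROM TABLE(QSYS2.DISPLAY_JOURNAL('QSYS', 'QAUDJRN',
                 JOURNAL_ENTRY_TYPES => 'CD',
                 STARTING_TIMESTAMP  => CURRENT TIMESTAMP - 30 DAYS))
)
SELECT ENTRY_TIMESTAMP, JOB_USER, JOB_NAME, JOB_NUMBER, command_text
  FROM cmd
 WHERE command_text LIKE '%ADDPFTRG%'
    OR command_text LIKE '%CHGPFTRG%'
    OR command_text LIKE '%RMVPFTRG%'
 ORDER BY ENTRY_TIMESTAMP DESC;
```

Run query 1 once to establish a baseline and then on a schedule; any new row for a file that administrators use is the signal to investigate, and query 2 tells you which job and profile introduced it.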

🔗 References

  • IBM Security Bulletin 7157637: https://www.ibm.com/support/pages/node/7157637
