CVE-2024-31890

7.8 HIGH

📋 TL;DR

This CVE describes a local privilege escalation vulnerability in IBM TCP/IP Connectivity Utilities for i on IBM i 7.3, 7.4, and 7.5. An attacker with command line access to the host operating system can exploit this to gain root privileges. Only IBM i systems running the affected versions with the vulnerable utilities installed are impacted.

💻 Affected Systems

Products:
  • IBM TCP/IP Connectivity Utilities for i
Versions: IBM i 7.3, 7.4, 7.5
Operating Systems: IBM i
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the vulnerable utilities to be installed; systems without them are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with initial access (e.g., via compromised user account) gains full root control of the IBM i operating system, enabling complete system compromise, data theft, persistence, and lateral movement.

🟠 Likely Case

Malicious insiders or attackers who have already breached a user account escalate to root privileges to install malware, steal sensitive data, or disrupt operations.

🟢 If Mitigated

With strict access controls and monitoring, exploitation is limited to authorized users; impact is contained if detected quickly.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local command line access; no public exploit code is known as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply PTF Group SF99738 Level 11 or later for IBM i 7.3, 7.4, and 7.5, as specified in the IBM advisory.

Vendor Advisory: https://www.ibm.com/support/pages/node/7158240

Restart Required: Yes

Instructions:

1. Review the IBM advisory for specific PTF details.
2. Apply PTF Group SF99738 Level 11 or higher via IBM i update tools.
3. Restart the system as required.

🔧 Temporary Workarounds

Restrict Command Line Access

Limit user access to command line interfaces to reduce attack surface.

🧯 If You Can't Patch

  • Implement strict least-privilege access controls and monitor for suspicious privilege escalation attempts.
  • Isolate affected systems from critical networks and enforce strong authentication for all user accounts.

🔍 How to Verify

Check if Vulnerable:

Check whether the IBM i version is 7.3, 7.4, or 7.5 and whether TCP/IP Connectivity Utilities are installed without the patched PTF.

Check Version:

Run DSPPTF LICPGM(5770TC1) on the IBM i command line to check PTF status.

Verify Fix Applied:

Verify PTF Group SF99738 Level 11 or later is applied using IBM i PTF management commands.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events in system logs
  • Failed or successful attempts to access restricted commands

Network Indicators:

  • None specific; this is a local exploit

SIEM Query:

Search for events related to user privilege changes or command execution on IBM i systems.
