CVE-2024-38330

7.0 HIGH

📋 TL;DR

This vulnerability in IBM System Management for i allows a local user to escalate privileges by exploiting an unqualified library program call. An attacker could execute arbitrary code with administrator privileges on affected IBM i systems. This affects IBM System Management for i versions 7.2, 7.3, and 7.4.

💻 Affected Systems

Products:
  • IBM System Management for i
Versions: 7.2, 7.3, 7.4
Operating Systems: IBM i (formerly OS/400)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects IBM i systems running System Management for i. Requires local user access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where an authenticated local user gains full administrator control over the IBM i system, potentially leading to data theft, system destruction, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation allowing an authenticated user to gain administrative privileges and execute arbitrary commands on the affected IBM i system.

🟢 If Mitigated

Limited impact if proper access controls restrict local user accounts and privilege separation is enforced, though the vulnerability still exists.

🌐 Internet-Facing: LOW - This requires local access to the IBM i system and cannot be exploited remotely over the internet.
🏢 Internal Only: HIGH - This poses significant risk to internal systems as any authenticated local user could potentially gain administrative privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and understanding of IBM i library program calls. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM PTFs as specified in IBM advisory 7159615

Vendor Advisory: https://www.ibm.com/support/pages/node/7159615

Restart Required: Yes

Instructions:

1. Review IBM advisory 7159615 for specific PTF numbers.
2. Apply the required PTFs through IBM i PTF management.
3. Restart affected services or the entire system as required.

🔧 Temporary Workarounds

Restrict local user access

Limit local user accounts to only trusted personnel and implement strict access controls

Implement privilege separation

Ensure users only have minimum necessary privileges and monitor for privilege escalation attempts

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Monitor system logs for privilege escalation attempts and unusual administrative activity

🔍 How to Verify

Check if Vulnerable:

Check IBM i version and installed PTFs. Systems running System Management for i 7.2, 7.3, or 7.4 without the required PTFs are vulnerable.

Check Version:

Run DSPPTF or GO LICPGM on IBM i to check installed PTFs.

Verify Fix Applied:

Verify that the PTFs specified in IBM advisory 7159615 are installed and active on the system.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Administrative commands from non-admin users
  • Library program call anomalies

Network Indicators:

  • N/A - This is a local privilege escalation vulnerability

SIEM Query:

Search for privilege escalation events or administrative actions from non-administrative user accounts on IBM i systems
