Local Privilege Escalation in IBM RPA 21-23 via nssm.exe
CVE-2024-51448 Published on January 18, 2025
IBM Robotic Process Automation privilege escalation
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege.
Vulnerability Analysis
CVE-2024-51448 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Insecure Inherited Permissions
A product defines a set of insecure permissions that are inherited by objects that are created by the program.
Products Associated with CVE-2024-51448
Want to know whenever a new CVE is published for IBM Robotic Process Automation? stack.watch will email you.
Affected Versions
IBM Robotic Process Automation:- Version 21.0.0, <= 21.0.7.17 is affected.
- Version 23.0.0, <= 23.0.18 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.