VYPR
Unrated severity · NVD Advisory · Published Aug 3, 2020 · Updated Sep 16, 2024

CVE-2020-4552

Description

IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183320.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM i2 Analyst Notebook 9.2.1 memory corruption allows local attackers to execute arbitrary code via a crafted file.

Vulnerability

IBM i2 Analyst Notebook version 9.2.1 is affected by a memory corruption vulnerability [1]. The bug resides in the parsing of specially-crafted files. An attacker can trigger the vulnerability by crafting a malicious file that exploits the memory corruption when opened by a user. The vulnerability is present in the default configuration; no special settings are required.

Exploitation

Exploitation requires a local attacker to convince a victim to open a malicious file. The attacker must have the ability to deliver the file to the victim (e.g., via email, download, or removable media). No authentication is needed, but user interaction is required. The attacker does not need any special privileges on the system. The sequence involves crafting a file that triggers memory corruption upon parsing by the application.

Impact

Successful exploitation allows the attacker to execute arbitrary code on the victim's system with the privileges of the user running IBM i2 Analyst Notebook. This can lead to full compromise of the affected system, including data theft, installation of malware, or further lateral movement. The CVSS base score is 7.8 (High) [1].

Mitigation

IBM has released a security update to address this vulnerability. Users should apply the latest fix pack or update as specified in the IBM security bulletin [1]. No workarounds are documented. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog as of the publication date.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
