CVE-2024-27275: CWE-266 Incorrect Privilege Assignment
IBM i 7.2, 7.3, 7.4, and 7.5 contain a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.
AI Analysis
Technical Summary
CVE-2024-27275 is a local privilege escalation vulnerability in IBM i 7.2, 7.3, 7.4, and 7.5. It stems from an incorrect privilege assignment (CWE-266): the system lets a local user without administrator privilege configure a physical file trigger, and a trigger program runs in the job of whoever performs the triggering file operation, so it executes with that user's authority rather than the authority of the user who attached it. An attacker therefore attaches a trigger to a file and relies on social engineering to get a more privileged user to access that file; when the trigger fires, the attacker's code runs with the victim's rights, bypassing the intended access controls. The root cause is an insufficient authority check when configuring trigger support: the operation should require administrator-level privilege but currently does not. The CVSS 3.1 base score is 7.4 (high). The attack vector is local (AV:L) with high attack complexity (AC:H), no privileges required (PR:N) and no user interaction (UI:N); the impact on confidentiality, integrity and availability is high (C:H/I:H/A:H), so successful exploitation can lead to full system compromise. No exploits are known in the wild yet, but the vulnerability is publicly disclosed and should be addressed promptly. The fix is to require administrator privilege to configure physical file triggers.
Potential Impact
For European organizations using IBM i systems, this vulnerability poses a significant risk. IBM i is widely used in banking, manufacturing, retail, and logistics, sectors critical to European economies. Exploitation could allow attackers with local access, for example through compromised accounts or insider threats, to escalate privileges and gain control over sensitive data and system functions. This could lead to data breaches, disruption of business operations, and regulatory non-compliance under GDPR due to unauthorized access to personal data. The high impact on confidentiality, integrity, and availability means attackers could manipulate or destroy data, disrupt services, or move laterally within networks. Given the local attack vector, organizations with many users holding physical or remote console access are at higher risk. The attack also depends on social engineering: a more privileged user must be lured into accessing the file that carries the malicious trigger, which widens the attack surface to every user with authority to that file. The absence of known exploits in the wild provides a window for proactive mitigation, but the high severity score demands urgent attention.
Mitigation Recommendations
European organizations should immediately review and restrict local user permissions on IBM i systems to limit who can configure physical file triggers. Enforce strict administrator privilege requirements for any trigger configuration, in line with the vendor's forthcoming patch or configuration guidance. Implement robust access controls and monitoring to detect unauthorized trigger creation or modification. Conduct user awareness training so that privileged users are wary of being steered toward files they have no business reason to access, since that is the social-engineering step the attack relies on. Employ network segmentation and limit local access to IBM i systems to trusted personnel only. Regularly audit system logs for suspicious activity related to file triggers. Since no patch links are currently available, organizations should monitor IBM security advisories and apply patches as soon as they are released. Additionally, consider deploying endpoint detection and response (EDR) solutions capable of identifying anomalous privilege escalation behaviour on IBM i platforms.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: ibm
- Date Reserved: 2024-02-22T01:26:52.587Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e0f3c6b66c7f7acdd3ea8a
Added to database: 10/4/2025, 10:15:34 AM
Last enriched: 10/4/2025, 10:17:55 AM
Last updated: 10/4/2025, 1:01:54 PM