A high-severity vulnerability has been identified in a core communication component (aoc_ipc_core) across multiple products from the vendor "In". This flaw could allow a local attacker to send a malicious message to the affected service, potentially leading to arbitrary code execution, privilege escalation, or a system crash, posing a significant risk to system integrity and availability.

The vulnerability exists within the aoc_service_read_message function of the aoc_ipc_core component. This function is responsible for processing Inter-Process Communication (IPC) messages. A flaw in how these messages are handled, likely a buffer overflow or improper input validation, allows a local attacker to send a specially crafted message. Successful exploitation could corrupt memory, leading to arbitrary code execution with the privileges of the service or a Denial of Service (DoS) by crashing the affected component.

This is a high-severity vulnerability with a CVSS score of 7.8. Successful exploitation could grant an attacker with low-level access the ability to escalate their privileges to a higher level, potentially gaining administrative control over the affected system. This could lead to a complete compromise of data confidentiality and integrity, unauthorized system modifications, or the deployment of further malware. Alternatively, an attacker could trigger a Denial of Service condition, causing critical system services to become unavailable and disrupting business operations.

Immediate Action: Apply the security updates provided by the vendor to all affected systems immediately. Prioritize patching on critical systems to mitigate the risk of exploitation. After patching, review system and application logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for crash logs related to the aoc_service, unexpected system reboots, or anomalous behavior from processes associated with the aoc_ipc_core. Monitor for unauthorized processes being spawned with elevated privileges, which could indicate a successful privilege escalation attack.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Enforce the principle of least privilege for all user and service accounts to limit the impact of a potential privilege escalation. Utilize application control or whitelisting solutions to prevent the execution of unauthorized code. Deploy and configure an Endpoint Detection and Response (EDR) solution to detect and block suspicious memory manipulation or process injection techniques.

Public Exploit Available: false

Due to the high severity rating (CVSS 7.8) and the potential for privilege escalation or a system-wide Denial of Service, this vulnerability presents a significant risk to the organization. We strongly recommend that all system administrators prioritize the immediate testing and deployment of the vendor-supplied security patches across all affected assets. Although this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity warrants immediate attention to prevent potential future exploitation.