IBM Warns of AIX Vulnerabilities Allowing Arbitrary Command Execution

IBM has recently issued a critical security warning regarding vulnerabilities in its AIX operating system that could allow remote attackers to execute arbitrary commands.

The vulnerabilities, identified as CVE-2024-56346 and CVE-2024-56347, were discovered in the IBM AIX nimesis NIM master service and the nimsh service SSL/TLS protection mechanisms.

Affected Product

The vulnerabilities impact versions 7.2 and 7.3 of the AIX operating system. Here is a summary of the affected products and versions:

Affected Product	Version(s)	Fileset(s)
AIX	7.2	bos.sysmgt.nim.client, bos.sysmgt.nim.master, bos.sysmgt.sysbr
AIX	7.3	bos.sysmgt.nim.client, bos.sysmgt.nim.master, bos.sysmgt.sysbr

Vulnerability Details

• CVE-2024-56346: This vulnerability affects the IBM AIX nimesis NIM master service, allowing a remote attacker to execute arbitrary commands due to improper process controls. The CVSS Base Score is 10, indicating a high severity level.
• CVE-2024-56347: This vulnerability affects the IBM AIX nimsh service SSL/TLS protection mechanisms. Similar to CVE-2024-56346, it also allows remote attackers to execute arbitrary commands due to improper process controls. The CVSS Base Score is 9.6, indicating a severe impact.

Both vulnerabilities fall under CWE-114: Process Control, which highlights a failure to properly manage the execution of processes, leading to potential security breaches.

Remediation/Fixes

IBM has provided specific fixes for these vulnerabilities through APARs (Authorized Program Analysis Reports) for different versions of AIX:

• AIX 7.2.5: APAR IJ53757 with Service Pack 10.
• AIX 7.3.1: APAR IJ53929.
• AIX 7.3.2: APAR IJ53923 with Service Pack 04.
• AIX 7.3.3: APAR IJ53792 with Service Pack 01.

Additionally, VIOS users can update using APARs specific to their versions. It is crucial to check the installed filesets using the lslpp command and apply the necessary patches to mitigate these serious security risks.

IBM emphasizes the importance of regular system maintenance and prompt application of security fixes to protect against potential threats.

Users should ensure that all affected systems are updated with the latest patches to safeguard their networks.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free