IBM has recently issued a critical security warning regarding vulnerabilities in its AIX operating system that could allow remote attackers to execute arbitrary commands.
The vulnerabilities, identified as CVE-2024-56346 and CVE-2024-56347, were discovered in the IBM AIX nimesis NIM master service and the nimsh service SSL/TLS protection mechanisms.
The vulnerabilities impact versions 7.2 and 7.3 of the AIX operating system. Here is a summary of the affected products and versions:
Affected Product | Version(s) | Fileset(s) |
AIX | 7.2 | bos.sysmgt.nim.client, bos.sysmgt.nim.master, bos.sysmgt.sysbr |
AIX | 7.3 | bos.sysmgt.nim.client, bos.sysmgt.nim.master, bos.sysmgt.sysbr |
Both vulnerabilities fall under CWE-114: Process Control, which highlights a failure to properly manage the execution of processes, leading to potential security breaches.
Remediation/Fixes
IBM has provided specific fixes for these vulnerabilities through APARs (Authorized Program Analysis Reports) for different versions of AIX:
Additionally, VIOS users can update using APARs specific to their versions. It is crucial to check the installed filesets using the lslpp command and apply the necessary patches to mitigate these serious security risks.
IBM emphasizes the importance of regular system maintenance and prompt application of security fixes to protect against potential threats.
Users should ensure that all affected systems are updated with the latest patches to safeguard their networks.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…