Summary: IBM has issued a security bulletin disclosing critical vulnerabilities in AIX that may allow remote attackers to execute arbitrary commands. Two main vulnerabilities are highlighted, CVE-2024-56346 and CVE-2024-56347, with high CVSS Base Scores of 10 and 9.6 respectively. Users of the affected AIX versions 7.2 and 7.3 are advised to apply the fixes immediately to prevent potential exploitation.
Affected: IBM AIX versions 7.2 and 7.3
Key points:
- Critical vulnerabilities: CVE-2024-56346 and CVE-2024-56347
- CVE-2024-56346 involves the nimesis NIM master service and allows remote command execution.
- CVE-2024-56347 affects the nimsh service and also permits remote command execution.
- The vulnerabilities have been assigned CVSS Base Scores of 10 and 9.6 respectively, indicating high risk.
- IBM has provided fixes and assigned APARs for affected AIX versions.
- Users should download the AIX fixes immediately for security compliance.
Source: https://securityonline.info/ibm-aix-security-breach-cve-2024-56346-cvss-10-cve-2024-56347-explained/