Critical IBM AIX Vulnerabilities CVE-2024-56346 and CVE-2024-56347: Immediate Mitigation Required

  • Rescana
  • Mar 21

Executive Summary

Two critical vulnerabilities, tracked as CVE-2024-56346 and CVE-2024-56347, have been identified in IBM AIX. Both allow a remote attacker to execute arbitrary commands on affected systems through the Network Installation Management (NIM) services. Immediate attention is required to apply IBM's fixes and safeguard your infrastructure.

Technical Information

CVE-2024-56346 and CVE-2024-56347 are critical vulnerabilities in IBM AIX versions 7.2 and 7.3. The first, CVE-2024-56346, is in the nimesis NIM master service, which could allow a remote attacker to execute arbitrary commands due to improper process controls. It is categorized under CWE-114 (Process Control) and carries a CVSS Base Score of 10.0. The vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) explains the score: the flaw is reachable over the network, has low attack complexity, requires no privileges and no user interaction, and a successful exploit changes scope with high impact to confidentiality, integrity and availability.

The second, CVE-2024-56347, affects the nimsh service and its SSL/TLS protection mechanisms. Like the first, it allows arbitrary command execution due to improper process controls and falls under CWE-114 (Process Control). Its CVSS Base Score is 9.6; the vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) differs from the first only in requiring user interaction (UI:R), which accounts for the slightly lower score while the impact remains the same.

The affected filesets are bos.sysmgt.nim.client, bos.sysmgt.nim.master, and bos.sysmgt.sysbr, at fileset levels from 7.2.5.0 through 7.3.3.0. These vulnerabilities are particularly concerning because of the role of the services involved: a NIM master installs and maintains software on the clients it serves, so unauthorized remote command execution there is not confined to a single host and could lead to data breaches and broader system compromise.

Exploitation in the Wild

At present there are no confirmed reports of these vulnerabilities being exploited in the wild, and no Advanced Persistent Threat (APT) group has been identified as leveraging them. The absence of known exploitation does not reduce the urgency: both issues are network-reachable and require no privileges, so patching should not wait for evidence of attacks.

APT Groups using this vulnerability

Currently no APT groups have been identified exploiting these vulnerabilities. Their critical nature nevertheless warrants vigilance and proactive patching to prevent future exploitation by threat actors.

Affected Product Versions

The vulnerabilities impact IBM AIX 7.2 and IBM AIX 7.3. The specific filesets affected are bos.sysmgt.nim.client, bos.sysmgt.nim.master, and bos.sysmgt.sysbr at levels from 7.2.5.0 through 7.3.3.0.

Workaround and Mitigation

IBM has released fixes for these vulnerabilities, and customers should apply them promptly. The fixes are available for download from IBM's support channels (IBM AIX Fixes). The associated APARs are IJ53757, IJ53929, IJ53923, and IJ53792 for the AIX levels, and IJ53757, IJ53923, and IJ53792 for the VIOS levels. Each APAR corresponds to a specific AIX or VIOS level, so match the APAR to the level reported by oslevel -s on each host before downloading.

Before applying the fixes, back up the system with mksysb so that the change can be rolled back if needed. Detailed installation instructions are provided in the README included with the fix tar package. The fix is delivered as an interim fix installed with emgr; after installation, emgr -l confirms that it is in place, since an interim fix does not change the fileset level that lslpp reports.
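To make the affected-version and fix guidance above actionable, the following POSIX sh script is an added example (not IBM's or Rescana's code). It parses lslpp -Lc records, flags any of the three filesets whose level falls within the 7.2.5.0 through 7.3.3.0 range named in this advisory, and reminds the operator to confirm the interim fix with emgr -l, because an emgr interim fix does not change the fileset level that lslpp reports. It assumes the lslpp -Lc record layout (fileset name in the second colon-separated field, level in the third); the sample records embedded in it are constructed, and when lslpp is not present it scans those instead of a live host.

```shell
#!/bin/sh
# Added example, not IBM's or Rescana's code: flag NIM-related filesets whose
# level falls inside the range this advisory lists (7.2.5.0 through 7.3.3.0).
# Assumptions: 'lslpp -Lc' prints one colon-separated record per fileset with
# the fileset name in field 2 and its level in field 3; the sample records
# below are constructed and abbreviated, not captured from a real host.

LOW=7.2.5.0
HIGH=7.3.3.0

# Constructed sample of 'lslpp -Lc' output (only the first three fields matter).
SAMPLE_LSLPP='#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description
bos.sysmgt.nim:bos.sysmgt.nim.client:7.2.5.200: : :C: :Network Install Manager - Client Tools
bos.sysmgt.nim:bos.sysmgt.nim.master:7.2.5.200: : :C: :Network Install Manager - Master Tools
bos.sysmgt:bos.sysmgt.sysbr:7.2.5.200: : :C: :System Backup and BOS Install Utilities
bos.rte:bos.rte.libc:7.2.5.200: : :C: :libc Library'

# vercmp A B: print lt, eq or gt as dotted numeric version A is <, = or > B.
# Missing trailing components count as 0, so 7.3 equals 7.3.0.0.
vercmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        [ "$ah" = "$a" ] && a='' || a=${a#*.}
        [ "$bh" = "$b" ] && b='' || b=${b#*.}
        ah=${ah:-0}; bh=${bh:-0}
        if [ "$ah" -lt "$bh" ]; then echo lt; return 0; fi
        if [ "$ah" -gt "$bh" ]; then echo gt; return 0; fi
    done
    echo eq
}

# in_range LEVEL: succeed when LOW <= LEVEL <= HIGH (both ends inclusive).
in_range() {
    r1=$(vercmp "$1" "$LOW"); r2=$(vercmp "$1" "$HIGH")
    [ "$r1" != lt ] && [ "$r2" != gt ]
}

# check_filesets: read lslpp -Lc records on stdin, print each affected fileset
# as "AFFECTED <fileset> <level>", and return 1 if any were found (0 otherwise).
check_filesets() {
    found=0
    while IFS=: read -r _pkg fileset level _rest; do
        case "$fileset" in
            bos.sysmgt.nim.client|bos.sysmgt.nim.master|bos.sysmgt.sysbr) ;;
            *) continue ;;   # header line and unrelated filesets
        esac
        if in_range "$level"; then
            echo "AFFECTED $fileset $level"
            found=1
        fi
    done
    return "$found"
}

# fileset_records: live 'lslpp -Lc' output on an AIX host, else the sample.
fileset_records() {
    if command -v lslpp >/dev/null 2>&1; then
        lslpp -Lc bos.sysmgt.nim.client bos.sysmgt.nim.master bos.sysmgt.sysbr
    else
        echo "lslpp not found; scanning the constructed sample instead" >&2
        printf '%s\n' "$SAMPLE_LSLPP"
    fi
}

main() {
    if fileset_records | check_filesets; then
        echo "no affected fileset levels found"
    else
        # The level alone cannot show that the interim fix is installed.
        echo "affected levels found: check 'emgr -l' for IBM's interim fix before treating this host as patched"
    fi
}
main
```

Run it on the NIM master and on each NIM client; the nonzero return from check_filesets is what an inventory job should key on. The range is inclusive of 7.3.3.0 because the advisory lists it, and a level outside the range only means the host is outside what this advisory names, not that it has been patched.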

Rescana is here for you

Rescana is committed to helping you manage third-party risks effectively. Our platform provides comprehensive insights into vulnerabilities affecting your supply chain, enabling you to take proactive measures to secure your infrastructure. Should you have any questions regarding this advisory or require further assistance, please don't hesitate to reach out to us at ops at rescana.com.
