Multiple vulnerabilities have been discovered in IBM AIX, a Unix-based operating system developed by IBM for its Power Servers. The vulnerabilities, tracked as CVE-2024-56346 (CVSS: 10) and CVE-2024-56347 (CVSS: 9.6), allow arbitrary code execution. These vulnerabilities could enable malicious actors to install software, manipulate or erase data, or even create new accounts with full administrative privileges, depending on the compromised user’s access level.

Currently, there are no confirmed reports of these vulnerabilities being exploited in real-world attacks. Nevertheless, system administrators are strongly encouraged to implement security patches as they become available to secure their infrastructure.

Companies such as Pure Storage and Hermes Europe are known to use IBM AIX. Moreover, IBM AIX is widely used in mission-critical applications across various sectors like finance, banking, healthcare, and telecommunications in the US.

Systems Affected

  • IBM AIX 7.2 nimesis NIM Master
  • IBM AIX 7.3 nimesis NIM Master
  • IBM AIX 7.2 nimsh service SSL/TLS
  • IBM AIX 7.3 nimsh service SSL/TLS

Recommendations

Organizations using affected versions of IBM AIX are encouraged to apply available updates and follow IBM’s official guidance to mitigate the risks associated with these vulnerabilities. Maintaining updated security practices and limiting administrative access can reduce potential impacts.

For more info: https://www.ibm.com/support/pages/security-bulletin-aix-vulnerable-arbitrary-command-execution-cve-2024-56346-cve-2024-56347
