Advisory

IBM patches two critical flaws in AIX, urges quick patching

Take action: If you are running IBM AIX, review this advisory in detail. Obviously, first make sure your IBM AIX systems are accessible only from trusted networks. Then proceed to plan a quick patch cycle, because the severity of these flaws can't be ignored - even with all the isolation around the systems, someone will reach them.


Learn More

IBM has issued a security bulletin addressing two critical vulnerabilities in its Advanced Interactive eXecutive (AIX) operating system. Both vulnerabilities can be exploited remotely in low-complexity attacks. These flaws affect AIX's Network Installation Management (NIM) system, which manages AIX OS installations.

Vulnerability summary

  • CVE-2024-56346 (CVSS score 10) - A vulnerability in the IBM AIX nimesis NIM master service that could allow a remote attacker to execute arbitrary commands due to improper process controls. This vulnerability requires no privileges and no user interaction.
  • CVE-2024-56347 (CVSS score 9.6) - A vulnerability in the IBM AIX nimsh service SSL/TLS protection mechanisms that could allow a remote attacker to execute arbitrary commands due to improper process controls. This vulnerability requires some level of user interaction.

The vulnerabilities affect IBM AIX versions 7.2 and 7.3, specifically the following filesets:

  • bos.sysmgt.nim.client
  • bos.sysmgt.nim.master
  • bos.sysmgt.sysbr

The vulnerabilities also affect multiple Virtual I/O Server (VIOS) versions, including 3.1.4, 4.1.0, and 4.1.1.

A successful exploit could potentially allow attackers to access sensitive data, deploy ransomware, corrupt backups, install backdoors, or compromise critical applications used by financial institutions and healthcare organizations. Given that AIX is used for critical applications and is a known target for espionage activities, immediate patching is strongly recommended.

IBM has released fixes for both vulnerabilities and strongly recommends addressing them immediately. The fixes can be downloaded via HTTPS from: https://aix.software.ibm.com/aix/efixes/security/nim_fix.tar

IBM has assigned the following APARs (Authorized Program Analysis Reports) to these issues:

  • For AIX 7.2.5: APAR IJ53757 (SP10)
  • For AIX 7.3.1: APAR IJ53929
  • For AIX 7.3.2: APAR IJ53923 (SP04)
  • For AIX 7.3.3: APAR IJ53792 (SP01)

Detailed installation instructions and interim fix packages for both NIM clients and masters are available in the security bulletin.

No workarounds or temporary mitigations are available for these vulnerabilities. The only effective remediation is to apply the appropriate patches.

The number of affected individuals and the value of potential incidents are not disclosed by IBM. Users can check the installed level of the NIM client fileset with the command lslpp -L | grep -i bos.sysmgt.nim.client to determine whether they are running a vulnerable version.
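As an added inventory check (not part of the IBM bulletin or this advisory), the script below reads lslpp -Lc output and reports any of the three affected filesets listed above that are installed, so the same check can be run across a fleet of AIX hosts. The fileset names come from the advisory; the colon-separated lslpp -Lc column layout and the embedded sample listing are assumptions constructed for offline use.

```shell
#!/bin/sh
# Added example, not IBM's code: flag hosts that carry the NIM filesets named
# in the advisory. Fileset names are from the bulletin; the `lslpp -Lc` column
# layout (package:fileset:level:state:...) is assumed.

AFFECTED_FILESETS="bos.sysmgt.nim.client bos.sysmgt.nim.master bos.sysmgt.sysbr"

# Read `lslpp -Lc` output on stdin and print "fileset level" for each
# affected fileset that is installed. Header lines start with '#'.
installed_affected() {
  awk -F: -v want="$AFFECTED_FILESETS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wanted[w[i]] = 1 }
    /^#/ { next }
    ($2 in wanted) { print $2, $3 }
  '
}

# Return 0 if the listing on stdin contains no affected fileset, 1 otherwise,
# so the exit status can drive a fleet-wide sweep or a ticketing step.
check_listing() {
  found=$(installed_affected)
  if [ -n "$found" ]; then
    printf 'affected NIM filesets installed:\n%s\n' "$found"
    return 1
  fi
  echo "no NIM filesets from the advisory are installed"
  return 0
}

# Constructed sample in the assumed lslpp -Lc layout, for offline testing.
SAMPLE_LISTING='#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description
bos.rte:bos.rte:7.2.5.200: : :C:F:Base Operating System Runtime
bos.sysmgt.nim.client:bos.sysmgt.nim.client:7.2.5.200: : :C:F:Network Install Manager - Client Tools
bos.sysmgt.sysbr:bos.sysmgt.sysbr:7.2.5.200: : :C:F:System Backup and BOS Install Utilities
bos.net:bos.net.tcp.client:7.2.5.200: : :C:F:TCP/IP Client Support'

# On an AIX host, run against the live fileset inventory; elsewhere do nothing.
if command -v lslpp >/dev/null 2>&1; then
  lslpp -Lc | check_listing
fi
```

A non-zero exit from check_listing means the host still needs the fix reviewed against the APAR list; the script does not tell you whether the interim fix is already applied, so confirm that separately.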
