IBM AIX command execution
CVE-2023-45168

7.8HIGH

Key Information:

Vendor: IBM
Status: AIX
Vendor: CVE Published:; 1 December 2023

Summary

A vulnerability exists in IBM AIX versions 7.2 and 7.3, as well as VIOS 3.1, which could allow a non-privileged local user to exploit the invscout command. This vulnerability may enable the execution of arbitrary commands, potentially compromising the system's integrity and security. Proper mitigations and patches are advised to safeguard affected systems.

Affected Version(s)

AIX 7.2, 7.3, VIOS 3.1

References

https://www.ibm.com/support/pages/node/7086090

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/267966

vdb-entry

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 1, 2023
Vulnerability Reserved
Oct 5, 2023