Arbitrary Command Execution Vulnerability in IBM AIX and VIOS
CVE-2024-47115

7.8HIGH

Key Information:

Vendor: IBM
Status: Aix
Vendor: CVE Published:; 7 December 2024

Summary

A vulnerability exists in IBM AIX versions 7.2 and 7.3, as well as VIOS versions 3.1 and 4.1, which could allow local users to execute arbitrary commands on affected systems. This issue arises from improper neutralization of user input. Attackers leveraging this vulnerability may exploit it to gain unauthorized access to system functionalities, potentially compromising the integrity and confidentiality of the affected systems. Prompt remediation is recommended to mitigate risks associated with this vulnerability.

Affected Version(s)

AIX 7.2, 7.3, VIOS 3.1, VIOS 4.1

References

https://www.ibm.com/support/pages/node/7178033

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 7, 2024
Vulnerability Reserved
Sep 18, 2024