- Last update: 19/03/2025
- Affected software: IBM AIX 7.2/7.3 nimesis NIM master and IBM AIX 7.2/7.3 nimsh service SSL/TLS
- Type: Process Control (CWE-114)
- CVE/CVSS:
  - CVE-2024-56346: CVSS 10 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
  - CVE-2024-56347: CVSS 9.6 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
https://www.ibm.com/support/pages/node/7186621
Successful exploitation of this vulnerability in various versions of IBM AIX 7.2/7.3 nimesis NIM master, and IBM AIX 7.2/7.3 nimsh service SSL/TLS, could lead to remote code execution. This may allow attackers to execute malicious commands, escalating their access and potentially compromising the entire network or connected devices.
This vulnerability has a significant impact on confidentiality, integrity, and availability.
There is no evidence that a public proof-of-concept exists. There is no evidence of active exploitation at the moment.
IBM AIX 7.2/7.3 nimesis NIM master, and IBM AIX 7.2/7.3 nimsh service SSL/TLS could allow a remote attacker to execute arbitrary commands due to improper process controls.
By exploiting this vulnerability, a threat actor can:
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: <https://ccb.belgium.be/cert/report-incident>.
https://nvd.nist.gov/vuln/detail/CVE-2024-56346
https://nvd.nist.gov/vuln/detail/CVE-2024-56347