Cyber Posture

CVE-2024-56347

Severity: Critical
Published: 18 March 2025
Modified: 25 July 2025
KEV Added: none recorded
Patch: available (see the IBM security bulletin linked below)
CVSS Score: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0046 (64.1st percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

IBM AIX 7.2 and 7.3 could allow a remote attacker to execute arbitrary commands due to improper process controls in the SSL/TLS protection mechanisms of the nimsh service.

Security Summary

CVE-2024-56347 is a critical-severity vulnerability in the nimsh service (the NIM service handler) of IBM AIX 7.2 and 7.3. It arises from improper process controls in the service's SSL/TLS protection mechanisms and allows a remote attacker to execute arbitrary commands on the host. The issue carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and maps to CWE-114 (Process Control). It was published on 2025-03-18.

Reading the vector: the attack is network-reachable (AV:N), has low complexity (AC:L) and needs no prior privileges (PR:N), but does require user interaction (UI:R), so exploitation depends on some action by a user or operator of the target. Scope is changed (S:C), meaning a successful exploit affects resources beyond the vulnerable nimsh component itself, and the confidentiality, integrity and availability impacts are all high: the attacker ends up with arbitrary command execution on the affected AIX system. Note that the EPSS score of 0.0046 and the absence of a KEV entry indicate little observed exploitation to date; the risk priority on this page weights those signals alongside the CVSS score.

IBM provides details on mitigation in their security bulletin at https://www.ibm.com/support/pages/node/7186621.

Details

CWE(s)
CWE-114

Affected Products

ibm
aix
7.2, 7.3

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The vulnerability gives a remote attacker arbitrary command execution through the nimsh service, which is network-reachable (AV:N); where that service is exposed to untrusted networks this maps directly to T1190, exploitation of a public-facing application, and the resulting command execution on AIX is T1059.004, Unix shell execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

IBM security bulletin: https://www.ibm.com/support/pages/node/7186621