CNVD-2024-15371 — Vulnetix

CNVD-2024-15371 PUBLISHED CVSS 8.399999618530273 HIGH

IBM AIX是美国国际商业机器（IBM）公司的一款为IBM Power体系架构开发的一种基于开放标准的UNIX操作系统。 IBM AIX 7.3版本，VIOS 4.1版本存在命令执行漏洞，该漏洞源于Perl未能正确过滤构造命令特殊字符、命令等。攻击者可利用该漏洞导致任意命令执行。

Risk Scores

CVSS 3.1

8.399999618530273

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
IBM	AIX	7.3, VIOS 4.1
ibm	aix	7.3

Exploit Intelligence

https://www.ibm.com/support/pages/node/7122628 (circl)
https://exchange.xforce.ibmcloud.com/vulnerabilities/281320 (circl)
CIRCL seen: CVE-2024-25021 (circl-sighting)
CIRCL seen: CVE-2024-25021 (circl-sighting)
CIRCL seen: CVE-2024-25021 (circl-sighting)

Timeline

Feb 22, 2024 CVE Published
Feb 22, 2024 PoC Published
Feb 22, 2024 PoC Published
Mar 13, 2024 PoC Published
Mar 14, 2024 CVE ID Reserved

References

https://www.ibm.com/support/pages/node/7122628 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/281320 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›