IBM AIX and VIOS Root Access Privilege Escalation Vulnerability

CVE Number – CVE-2018-1383

A vulnerability in IBM AIX and VIOS could allow an authenticated, remote attacker to gain elevated privileges on a targeted system.

The vulnerability is due to an unspecified condition that exist within the affected software. An attacker with root access on an attacker-controlled system could exploit this vulnerability to gain root access on a targeted system. A successful exploit could result in a complete system compromise.

IBM has confirmed the vulnerability and released software updates.

Analysis
  • To exploit this vulnerability, an attacker must already have root access on one system in order to gain root access to the targeted system. This access requirement may reduce the likelihood of a successful exploit.
Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to have network access.

    Administrators are advised to allow only privileged users to access administration or management systems.

    Administrators are advised to monitor affected systems.

Vendor Announcements
Fixed Software

Leave a Reply