IBM AIX and VIOS Root Access Privilege Escalation Vulnerability
CVE Number – CVE-2018-1383
A vulnerability in IBM AIX and VIOS could allow an authenticated, remote attacker to gain elevated privileges on a targeted system.
The vulnerability is due to an unspecified condition that exist within the affected software. An attacker with root access on an attacker-controlled system could exploit this vulnerability to gain root access on a targeted system. A successful exploit could result in a complete system compromise.
IBM has confirmed the vulnerability and released software updates.
-
To exploit this vulnerability, an attacker must already have root access on one system in order to gain root access to the targeted system. This access requirement may reduce the likelihood of a successful exploit.
-
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to allow only privileged users to access administration or management systems.
Administrators are advised to monitor affected systems.
-
IBM has released a security advisory at the following link: aixbase_advisory.asc
-
IBM has released software updates at the following links:
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.