Cyber Resilience

CVE-2024-56346

Critical

Published: 18 March 2025

Published
18 March 2025
Modified
25 July 2025
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0033 56.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56346 is a critical-severity Process Control (CWE-114) vulnerability in Ibm Aix. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-56346 is a critical vulnerability affecting the nimesis NIM master service in IBM AIX 7.2 and 7.3. It arises from improper process controls (CWE-114), which could allow a remote attacker to execute arbitrary commands. Published on 2025-03-18, the flaw has a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating maximum severity due to its network accessibility and potential for complete system compromise.

An unauthenticated attacker can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Exploitation grants high impacts across confidentiality, integrity, and availability, enabling arbitrary command execution on the affected NIM master service and potentially leading to full control over the AIX system.

IBM has published an advisory with details on the vulnerability at https://www.ibm.com/support/pages/node/7186621.

EU & UK References

Vulnerability details

IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Vulnerability enables remote unauthenticated arbitrary command execution on a network-accessible service (NIM master), directly supporting exploitation of public-facing applications (T1190) and execution via Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-56347Same product: Ibm Aix
CVE-2025-36251Same product: Ibm Aix
CVE-2025-36250Same product: Ibm Aix
CVE-2025-36236Same product: Ibm Aix
CVE-2025-0160Same vendor: Ibm
CVE-2025-13686Same vendor: Ibm
CVE-2026-5935Same vendor: Ibm
CVE-2025-13688Same vendor: Ibm
CVE-2025-13687Same vendor: Ibm
CVE-2026-8633Same vendor: Ibm

Affected Assets

ibm
aix
7.2, 7.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces process isolation for the nimesis NIM master service to mitigate improper process controls that enable remote arbitrary command execution.

prevent

Requires timely identification, reporting, and remediation of the specific flaw in IBM AIX NIM master service, eliminating the vulnerability.

prevent

Limits the impact of arbitrary command execution by enforcing least privilege on NIM master service processes, reducing potential system compromise.

References