CVE-2024-56346

Critical

Published: 18 March 2025

Published

18 March 2025

Modified

25 July 2025

KEV Added

—

Patch

—

CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0033 56.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56346 is a critical-severity Process Control (CWE-114) vulnerability in Ibm Aix. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-39 Process Isolation good match

prevent

Directly enforces process isolation for the nimesis NIM master service to mitigate improper process controls that enable remote arbitrary command execution.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and remediation of the specific flaw in IBM AIX NIM master service, eliminating the vulnerability.

AC-6 Least Privilege partial match

prevent

Limits the impact of arbitrary command execution by enforcing least privilege on NIM master service processes, reducing potential system compromise.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

Vulnerability enables remote unauthenticated arbitrary command execution on a network-accessible service (NIM master), directly supporting exploitation of public-facing applications (T1190) and execution via Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

Deeper analysisAI

CVE-2024-56346 is a critical vulnerability affecting the nimesis NIM master service in IBM AIX 7.2 and 7.3. It arises from improper process controls (CWE-114), which could allow a remote attacker to execute arbitrary commands. Published on 2025-03-18, the flaw has a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating maximum severity due to its network accessibility and potential for complete system compromise.

An unauthenticated attacker can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Exploitation grants high impacts across confidentiality, integrity, and availability, enabling arbitrary command execution on the affected NIM master service and potentially leading to full control over the AIX system.

IBM has published an advisory with details on the vulnerability at https://www.ibm.com/support/pages/node/7186621.

Details

CWE(s): CWE-114

Affected Products

ibm

aix

7.2, 7.3

CVEs Like This One

CVE-2024-56347Same product: Ibm Aix

CVE-2025-36251Same product: Ibm Aix

CVE-2025-36250Same product: Ibm Aix

CVE-2025-0160Same vendor: Ibm

CVE-2025-36236Same product: Ibm Aix

CVE-2025-13688Same vendor: Ibm

CVE-2025-13686Same vendor: Ibm

CVE-2025-13687Same vendor: Ibm

CVE-2024-49352Same vendor: Ibm

CVE-2025-3320Same vendor: Ibm

References

https://www.ibm.com/support/pages/node/7186621
Vendor Advisory · psirt@us.ibm.com