CVE-2024-56347
Published: 18 March 2025
Summary
CVE-2024-56347 is a critical-severity Process Control (CWE-114) vulnerability in Ibm Aix. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SC-39 (Process Isolation).
Deeper analysis
CVE-2024-56347 is a high-severity vulnerability in the nimsh service of IBM AIX 7.2 and 7.3. It arises from improper process controls in the SSL/TLS protection mechanisms, potentially allowing a remote attacker to execute arbitrary commands. The issue has a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and maps to CWE-114 (Process Control). The vulnerability was published on 2025-03-18.
A remote attacker can exploit this over the network with low attack complexity and no privileges required, though user interaction is necessary. Upon successful exploitation, the attacker gains high-impact access to confidentiality, integrity, and availability, with a changed scope, enabling arbitrary command execution on the affected AIX system.
IBM provides details on mitigation in their security bulletin at https://www.ibm.com/support/pages/node/7186621.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54094
Vulnerability details
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote arbitrary command execution on the nimsh service (public-facing with AV:N), directly mapping to T1190 for exploitation of public-facing applications and facilitating T1059.004 for Unix shell command execution on AIX.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the vulnerability by applying IBM patches to fix improper process controls in the nimsh SSL/TLS mechanisms.
Enforces process isolation to counter improper process controls that enable arbitrary command execution in the nimsh service.
Applies least privilege to the nimsh service process, limiting the scope and impact of arbitrary command execution by a remote attacker.