A recent security vulnerability has been discovered in IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 operating systems with the potential to allow a non-privileged local user to execute arbitrary commands. The vulnerability exists in the "invscout" command and has been assigned the CVE-2023-28528 identifier. IBM X-Force ID for this vulnerability is 251207.

In this article, we will cover the details of the vulnerability, provide information on how to determine if your system is affected, and offer suggestions on how to mitigate risks associated with the vulnerability.

Details

The vulnerability in question allows a non-privileged local user to exploit the "invscout" command in order to execute commands of their choosing. "invscout" is a command-line utility provided by IBM in its AIX and VIOS operating systems to gather system inventory information.

An attacker could leverage this vulnerability to perform unauthorized actions on the affected system, potentially leading to data loss, unauthorized access, or other security breaches.

Here's a simple example demonstrating the vulnerability

$ id
uid=999(nonprivileged) gid=999(nonprivileged) groups=999(nonprivileged)

$ invscout -g ';/your/command/here;#'

By manipulating the command parameters and executing the "invscout" command, a non-privileged local user can execute arbitrary commands on the affected system.

References

IBM Security Bulletin: https://www.ibm.com/support/pages/node/6728604
IBM X-Force Exchange: https://exchange.xforce.ibmcloud.com/vulnerabilities/251207
CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28528

Detection

To determine if your system is affected by this vulnerability, check the OS version by running the following command:

$ oslevel -s

If your system's output indicates one of the vulnerable versions mentioned above, it is recommended that you take appropriate action to protect your system.

Mitigation

IBM has released updates to address this vulnerability. It is highly recommended that affected systems be updated as soon as possible to patch the vulnerability and protect against potential exploits.

Follow the IBM Security Bulletin for instructions on how to apply the necessary updates: https://www.ibm.com/support/pages/node/6728604

Conclusion

CVE-2023-28528 is a critical vulnerability in IBM AIX and VIOS operating systems that allows a non-privileged local user to execute arbitrary commands on the affected system. It is important to ensure that your systems are up-to-date with the latest security patches provided by IBM in order to protect against potential exploits.

Stay vigilant and keep your systems updated to safeguard your critical data and infrastructure.

Timeline

Published on: 04/28/2023 03:15:00 UTC
Last modified on: 05/18/2023 16:15:00 UTC