Blog home
Vulnerabilities

Mondoo detects and fixes critical IBM AIX Vulnerabilities: CVE-2024-56346 and CVE-2024-56347

Deborah Galea
Chris Hartmann
April 2, 2025
05 min read

Recently, two critical vulnerabilities were detected in IBM AIX systems that pose significant threats to enterprise environments: CVE-2024-56346 and CVE-2024-56347, with CVSS scores 10 and 9.6. These vulnerabilities enable remote attackers to run arbitrary commands on affected systems without authentication or user interaction, potentially leading to complete system compromise. Since IBM AIX is widely used in enterprise IT environments where high availability and security are essential, the vulnerabilities are especially concerning. In this blog we explain more about the vulnerabilities, how to determine if your systems are affected, and how to remediate them.

What is IBM AIX?

IBM AIX (Advanced Interactive eXecutive) is a proprietary Unix-based operating system developed by IBM, primarily used in enterprise environments for high-performance, secure, and reliable data processing, especially in industries like finance, government, and healthcare. It is optimized for IBM Power Systems and is known for its robust security, scalability, and reliability.

Since AIX is widely used for mission-critical applications in various domains including banking, retail, telecom and insurance, these vulnerabilities pose a serious risk.

About the IBM AIX Vulnerabilities

Further details on the IBM AIX vulnerabilities:

CVE-2024-56346 (CVSS score 10): This vulnerability affects the nimesis Network Installation Management (NIM) master service in AIX 7.2 and 7.3. The flaw, due to improper process controls, could allow a remote attacker to execute arbitrary commands.

CVE-2024-56347 (CVSS score 9.6): This vulnerability relates to the nimsh service's SSL/TLS protection mechanisms in AIX 7.2 and 7.3. Exploitation could allow a remote attacker to execute arbitrary commands due to improper process controls.

Both vulnerabilities can be remotely exploited through low-complexity attacks that require no privileges. However, CVE-2024-56347 necessitates some level of user interaction, whereas CVE-2024-56346 does not, which is why it is scored at an even higher risk.

Who is affected?

The security flaws affect IBM AIX version 7.2 and version 7.3, including systems running on Virtual I/O Server (VIOS) environments. The affected file sets include:

bos.sysmgt.nim.client
bos.sysmgt.nim.master
bos.sysmgt.sysbr

You can determine if your systems are vulnerable by checking the installed file sets using the AIX command:

lslpp -L | grep -i bos.sysmgt.nim.client

Alternatively, you can use Mondoo cnspec and connect to AIX remotely via cnspec shell ssh user@ip. Then query the installed packages via:

> packages.where(name ==/bos.sysmgt/) { name version }

Querying installed packages in cnspec

If you just want to see the three affected packages instead:

> packages.where( name.in(["bos.sysmgt.nim.client", "bos.sysmgt.nim.master", "bos.sysmgt.sysbr"]) ) { name version }

packages.where.list: [
  0: {
	version: "7.3.3.0"
	name: "bos.sysmgt.nim.client"
  }
  1: {
	version: "7.3.3.0"
	name: "bos.sysmgt.sysbr"
  }
  2: {
	version: "7.3.3.0"
	name: "bos.sysmgt.nim.client"
  }
  3: {
	version: "7.3.3.0"
	name: "bos.sysmgt.sysbr"
  }
]

Find and fix the security risks that pose the biggest threat to your business.

Get started

Problembehebung dreimal schneller mit Mondoo Unified Exposure Management

Vereinbaren Sie eine Demo

How to remediate CVE-2024-56346 and CVE-2024-56347

IBM has released patches to address these vulnerabilities and recommends immediately applying the following fixes:

For AIX 7.2.5: APAR IJ53757 (SP10)
For AIX 7.3.1: APAR IJ53929
For AIX 7.3.2: APAR IJ53923 (SP04)
For AIX 7.3.3: APAR IJ53792 (SP01)

Security patches are available for download from IBM’s AIX security bulletin. Below is an example of how to fix NIM clients for 7.3.3.0:

wget https://aix.software.ibm.com/aix/efixes/security/nim_fix.tar
tar xvf nim_fix.tar
cd nim_fix

wget https://aix.software.ibm.com/aix/efixes/security/systems_p_os_aix_security_pubkey.txt
openssl dgst -sha256 -verify systems_p_os_aix_security_pubkey.txt -signature IJ53792m0a.250317.epkg.Z.sig IJ53792m0a.250317.epkg.Z
Verified OK

emgr -e IJ53792m0a.250317.epkg.Z -X

How Mondoo can help

The IBM AIX vulnerabilities underline how important it is for organizations to quickly be able to understand their exposure to breaking vulnerabilities so risks can be remediated swiftly or if no fix exists, mitigated to remove or significantly reduce exposure.

This is where Mondoo can help. An intuitive exposure management platform that not only detects issues but helps you fix them as fast as possible, Mondoo helps you proactively bolster your security posture and quickly address zero-day risks.

Once connected, Mondoo will continually scan your AIX hosts for vulnerabilities and misconfigurations, including CVE-2024-56346 and CVE-2024-56347. This enables your team to quickly identify and fix these critical vulnerabilities.

Mondoo has detected CVE-2024-56346 on an IBM AIX machine

For proactive IBM AIX security, Mondoo can continually perform the checks included in the IBM AIX CIS benchmark. This helps teams automate hardening efforts for IBM AIX and significantly boosts security postures.

About Mondoo

Mondoo identifies, prioritizes, and addresses vulnerabilities and misconfigurations in your entire IT infrastructure and SDLC from a single interface—covering on-prem, cloud, SaaS, and endpoints. Unlike siloed approaches, Mondoo enables you to quickly understand your most urgent risks and initiate fast remediation, ensuring optimized security efforts and significantly improving security posture. 

Deborah Galea

Deborah ist Direktorin für Produktmarketing bei Mondoo und leitet die Bereiche Messaging und Positionierung, Produkteinführungen und Vertriebsförderung. Sie verfügt über mehr als 20 Jahre Erfahrung in der Cybersicherheitsbranche. Vor ihrer Tätigkeit bei Mondoo war Deborah Direktorin für Produktmarketing bei Orca Security und hatte verschiedene Marketingpositionen bei anderen Cybersicherheitsunternehmen inne. Sie war Mitbegründerin des E-Mail-Sicherheitsunternehmens Red Earth Software, das 2014 vom Cybersicherheitsunternehmen OPSWAT übernommen wurde.

Chris Hartmann

Christoph Hartmann, Mitbegründer und CTO von Mondoo, möchte die Welt sicherer machen. Er ist seit langem führend in den Bereichen Sicherheitstechnik und DevOps und entwickelt weit verbreitete Lösungen wie Dev-Sec.io und InSpec. Zum Spaß baut er alles, von benutzerdefinierten Betriebssystemen bis hin zu autonomen Lego Mindstorm-Robotern.

You might also like

Microsoft
Microsoft Patch Tuesday August 2025: How to Prioritize Vulnerabilities for Patching
Deborah Galea
Christian Zunker
August 15, 2025
Vulnerabilities
Introducing Agentic Vulnerability Patching Using Ansible
Chip Johnson
Deborah Galea
August 14, 2025
Insights from DEF CON 33: From LLM Hacking to Supply Chain Remediation
Dominik Richter
August 13, 2025

Stay informed with our news and new articles

Danke! Deine Einreichung ist eingegangen!
Hoppla! Beim Absenden des Formulars ist etwas schief gelaufen.