Mondoo detects and fixes critical IBM AIX Vulnerabilities: CVE-2024-56346 and CVE-2024-56347

Recently, two critical vulnerabilities were detected in IBM AIX systems that pose significant threats to enterprise environments: CVE-2024-56346 and CVE-2024-56347, with CVSS scores of 10 and 9.6, respectively. These vulnerabilities enable remote attackers to run arbitrary commands on affected systems without authentication or user interaction, potentially leading to complete system compromise. Since IBM AIX is widely used in enterprise IT environments where high availability and security are essential, the vulnerabilities are especially concerning. In this blog we explain more about the vulnerabilities, how to determine if your systems are affected, and how to remediate them.

What is IBM AIX?

IBM AIX (Advanced Interactive eXecutive) is a proprietary Unix-based operating system developed by IBM, primarily used in enterprise environments for high-performance, secure, and reliable data processing, especially in industries like finance, government, and healthcare. It is optimized for IBM Power Systems and is known for its robust security, scalability, and reliability.

Since AIX is widely used for mission-critical applications in various domains including banking, retail, telecom and insurance, these vulnerabilities pose a serious risk.

About the IBM AIX Vulnerabilities

Further details on the IBM AIX vulnerabilities:

CVE-2024-56346 (CVSS score 10): This vulnerability affects the nimesis Network Installation Management (NIM) master service in AIX 7.2 and 7.3. The flaw, due to improper process controls, could allow a remote attacker to execute arbitrary commands.

CVE-2024-56347 (CVSS score 9.6): This vulnerability relates to the nimsh service's SSL/TLS protection mechanisms in AIX 7.2 and 7.3. Exploitation could allow a remote attacker to execute arbitrary commands due to improper process controls.

Both vulnerabilities can be remotely exploited through low-complexity attacks that require no privileges. However, CVE-2024-56347 requires some level of user interaction, whereas CVE-2024-56346 does not, which is why CVE-2024-56346 is scored at an even higher risk.

Who is affected?

The security flaws affect IBM AIX version 7.2 and version 7.3, including systems running on Virtual I/O Server (VIOS) environments. The affected file sets include:

bos.sysmgt.nim.client
bos.sysmgt.nim.master
bos.sysmgt.sysbr

You can determine if your systems are vulnerable by checking the installed file sets using the AIX command:

lslpp -L | grep -i bos.sysmgt.nim.client

Alternatively, you can use Mondoo cnspec and connect to AIX remotely via cnspec shell ssh user@ip. Then query the installed packages via:

> packages.where(name == /bos.sysmgt/) { name version }

Querying installed packages in cnspec

If you just want to see the three affected packages instead:

> packages.where( name.in(["bos.sysmgt.nim.client", "bos.sysmgt.nim.master", "bos.sysmgt.sysbr"]) ) { name version }

packages.where.list: [
  0: {
	version: "7.3.3.0"
	name: "bos.sysmgt.nim.client"
  }
  1: {
	version: "7.3.3.0"
	name: "bos.sysmgt.sysbr"
  }
  2: {
	version: "7.3.3.0"
	name: "bos.sysmgt.nim.client"
  }
  3: {
	version: "7.3.3.0"
	name: "bos.sysmgt.sysbr"
  }
]
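
The following script is an added example, not Mondoo or IBM code. It combines the fileset check above with the APAR list given later in this post: it filters colon-separated lslpp output for the three affected filesets, drops duplicate records, and prints the APAR listed for the host's technology level. The function names, the sample records and the assumed lslpp -Lc field layout (fileset in field 2, level in field 3) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Mondoo or IBM code.
# Assumptions: stdin is `lslpp -Lc` output (colon-separated, fileset in
# field 2, level in field 3); $1 is `oslevel -s` output, e.g. 7300-03-00-2446.
# On an AIX host: lslpp -Lc | nim_exposure "$(oslevel -s)"

AFFECTED="bos.sysmgt.nim.client bos.sysmgt.nim.master bos.sysmgt.sysbr"

# Constructed sample records (not captured from a real system).
SAMPLE_LSLPP='bos.sysmgt:bos.sysmgt.nim.client:7.3.3.0: : :C: :NIM client (constructed)
bos.sysmgt:bos.sysmgt.sysbr:7.3.3.0: : :C: :System backup (constructed)
bos.sysmgt:bos.sysmgt.trace:7.3.3.0: : :C: :Trace (constructed)
bos.sysmgt:bos.sysmgt.nim.client:7.3.3.0: : :C: :NIM client (constructed)'

# Map an `oslevel -s` string to the APAR listed in this post.
apar_for_oslevel() {
    case "$1" in
        7200-05-*) echo "IJ53757" ;;
        7300-01-*) echo "IJ53929" ;;
        7300-02-*) echo "IJ53923" ;;
        7300-03-*) echo "IJ53792" ;;
        *)         echo "UNLISTED" ;;   # level not covered by the list in this post
    esac
}

# Print "fileset level" once for each affected fileset found on stdin.
affected_filesets() {
    awk -F: -v list="$AFFECTED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($2 in want) && !seen[$2]++ { print $2, $3 }
    '
}

# One line per affected fileset, with the APAR listed for this level.
nim_exposure() {
    apar=$(apar_for_oslevel "$1")
    affected_filesets | while read -r fs level; do
        echo "$fs $level apar=$apar"
    done
}

printf '%s\n' "$SAMPLE_LSLPP" | nim_exposure "7300-03-00-2446"
```

The output shows which affected filesets are present and which APAR applies; it does not tell you whether that fix is already installed.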

How to remediate CVE-2024-56346 and CVE-2024-56347

IBM has released patches to address these vulnerabilities and recommends immediately applying the following fixes:

For AIX 7.2.5: APAR IJ53757 (SP10)
For AIX 7.3.1: APAR IJ53929
For AIX 7.3.2: APAR IJ53923 (SP04)
For AIX 7.3.3: APAR IJ53792 (SP01)

Security patches are available for download from IBM’s AIX security bulletin. Below is an example of how to fix NIM clients for 7.3.3.0:

wget https://aix.software.ibm.com/aix/efixes/security/nim_fix.tar
tar xvf nim_fix.tar
cd nim_fix

wget https://aix.software.ibm.com/aix/efixes/security/systems_p_os_aix_security_pubkey.txt
openssl dgst -sha256 -verify systems_p_os_aix_security_pubkey.txt -signature IJ53792m0a.250317.epkg.Z.sig IJ53792m0a.250317.epkg.Z
Verified OK

emgr -e IJ53792m0a.250317.epkg.Z -X
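
The verification step above checks a single package. As an added example (not from the original post or from IBM), the function below applies the same openssl check to every .epkg.Z file in a directory and fails closed, so a package with a bad or missing signature is caught before anything is installed. The function names and the throwaway key and dummy package used in selftest are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Mondoo or IBM code.
# verify_epkgs DIR PUBKEY: verify every DIR/*.epkg.Z against its detached
# <package>.sig, using the same openssl call as the post. Prints each
# package that verified. Returns non-zero if any package fails, lacks a
# signature, or if no package is found at all.
verify_epkgs() {
    dir=$1 pubkey=$2 failed=0 found=0
    for pkg in "$dir"/*.epkg.Z; do
        [ -e "$pkg" ] || continue            # glob matched nothing
        found=1
        if [ ! -f "$pkg.sig" ]; then
            echo "MISSING SIGNATURE: $pkg" >&2
            failed=1
        elif openssl dgst -sha256 -verify "$pubkey" \
                 -signature "$pkg.sig" "$pkg" >/dev/null 2>&1; then
            echo "$pkg"
        else
            echo "BAD SIGNATURE: $pkg" >&2
            failed=1
        fi
    done
    [ "$found" -eq 1 ] && [ "$failed" -eq 0 ]
}

# Constructed demo: throwaway key and dummy package, no IBM files involved.
# Succeeds only if a valid signature passes and a tampered file is rejected.
selftest() {
    t=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -out "$t/key.pem" 2>/dev/null
    openssl pkey -in "$t/key.pem" -pubout -out "$t/pub.pem"
    echo "constructed payload" > "$t/demo.epkg.Z"
    openssl dgst -sha256 -sign "$t/key.pem" \
        -out "$t/demo.epkg.Z.sig" "$t/demo.epkg.Z"
    verify_epkgs "$t" "$t/pub.pem" >/dev/null || { rm -rf "$t"; return 1; }
    echo "tampered" >> "$t/demo.epkg.Z"      # modify the file after signing
    if verify_epkgs "$t" "$t/pub.pem" 2>/dev/null; then rc=1; else rc=0; fi
    rm -rf "$t"
    return $rc
}

selftest && echo "selftest passed"
```

In the nim_fix directory this would be called as verify_epkgs . systems_p_os_aix_security_pubkey.txt, with emgr run only if it returns success.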

How Mondoo can help

The IBM AIX vulnerabilities underline how important it is for organizations to be able to quickly understand their exposure to breaking vulnerabilities, so that risks can be remediated swiftly or, if no fix exists, mitigated to remove or significantly reduce exposure.

This is where Mondoo can help. An intuitive exposure management platform that not only detects issues but helps you fix them as fast as possible, Mondoo helps you proactively bolster your security posture and quickly address zero-day risks.

Once connected, Mondoo will continually scan your AIX hosts for vulnerabilities and misconfigurations, including CVE-2024-56346 and CVE-2024-56347. This enables your team to quickly identify and fix these critical vulnerabilities.

Mondoo has detected CVE-2024-56346 on an IBM AIX machine

For proactive IBM AIX security, Mondoo can continually perform the checks included in the IBM AIX CIS benchmark. This helps teams automate hardening efforts for IBM AIX and significantly boosts security postures.

About Mondoo

Mondoo identifies, prioritizes, and addresses vulnerabilities and misconfigurations in your entire IT infrastructure and SDLC from a single interface—covering on-prem, cloud, SaaS, and endpoints. Unlike siloed approaches, Mondoo enables you to quickly understand your most urgent risks and initiate fast remediation, ensuring optimized security efforts and significantly improving security posture. 

Deborah Galea

Deborah is Director of Product Marketing at Mondoo and leads messaging and positioning, product launches, and sales enablement. She has 20+ years of experience in the cybersecurity industry. Prior to Mondoo, Deborah was Director of Product Marketing at Orca Security and held various marketing positions at other cybersecurity companies. She co-founded email security company Red Earth Software, which was acquired by cybersecurity firm OPSWAT in 2014.

Christoph Hartmann

Christoph Hartmann, co-founder and CTO at Mondoo, wants to make the world more secure. He’s long been a leader in security engineering and DevOps, creating widely adopted solutions like Dev-Sec.io and InSpec. For fun, he builds everything from custom operating systems to autonomous Lego Mindstorm robots.