CVE-2022-22351

8.6 HIGH

📋 TL;DR

This vulnerability in IBM AIX and VIOS allows a non-privileged local user on one trusted host to abuse the nimsh daemon (the NIM Service Handler) to cause a denial of service of nimsh on another trusted host. It affects IBM AIX 7.1, 7.2 and 7.3 and VIOS 3.1 systems that run nimsh and have trusted host relationships configured between them.

💻 Affected Systems

Products:
  • IBM AIX
  • IBM VIOS
Versions: AIX 7.1, 7.2, 7.3; VIOS 3.1
Operating Systems: IBM AIX, IBM VIOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only hosts on which the nimsh subsystem is running (NIM clients configured to use nimsh, and NIM masters) are exposed, and the attacker needs a non-privileged login on a host that is part of the trust relationship.

📦 What is this software?

nimsh (NIM Service Handler) is the daemon through which a Network Installation Management (NIM) master runs installation, update and maintenance operations on AIX and VIOS clients without relying on rsh. It runs as the SRC subsystem nimsh and listens on 3901/tcp (primary) and 3902/tcp (secondary).

⚠️ Risk & Real-World Impact

🔴

Worst Case

nimsh knocked out on many trusted hosts at once, so NIM-driven installs, updates and fix pushes across the AIX/VIOS estate fail until each daemon is restarted.

🟠

Likely Case

Targeted denial of service against specific nimsh daemons on trusted hosts, disrupting AIX system management operations.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls between trusted hosts.

🌐 Internet-Facing: LOW - the nimsh ports (3901/tcp, 3902/tcp) are normally not exposed to the internet, and the attacker needs a login on a trusted host.
🏢 Internal Only: HIGH - exploitable within internal networks wherever trusted host relationships exist between AIX/VIOS systems; one low-privilege account on any such host is enough.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires a non-privileged login on a trusted host; no exploit details or proof of concept are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AIX: Apply APAR IJ29560; VIOS: Apply APAR IJ29561

Vendor Advisory: https://www.ibm.com/support/pages/node/6561275

Restart Required: Yes

Instructions:

1. Download the fix for your level from IBM Fix Central, or the interim fix (ifix) linked from the bulletin.
2. Install it: a service pack with smitty update_all or installp, an ifix with emgr -e <ifix>.epkg.Z. On VIOS, run installp or emgr as root via oem_setup_env (service packs can also go on with updateios as padmin).
3. Reboot, or at minimum restart the nimsh subsystem (stopsrc -s nimsh; startsrc -s nimsh), so the daemon runs the patched code.

🔧 Temporary Workarounds

Disable nimsh daemon

Stop the nimsh subsystem if NIM management of this host is not required, and remove its /etc/inittab entry so it does not come back at boot (check for the entry first with lsitab):

stopsrc -s nimsh
lsitab nimsh
rmitab nimsh

Note that chssys -s nimsh -d does not disable the subsystem: the -d/-D flags of chssys only control whether it is listed by lssrc -a.

Restrict trusted host access

Review and minimize trusted host relationships to only the systems that need them. nimsh validates requests against the NIM master recorded in /etc/niminfo, so verify that entry on each client and make sure only the intended master can reach 3901/tcp and 3902/tcp. /etc/hosts.equiv and ~/.rhosts govern rsh trust rather than nimsh; review them separately if rsh is still enabled.

🧯 If You Can't Patch

  • Implement strict network segmentation between AIX/VIOS systems; allow 3901/tcp and 3902/tcp only from the NIM master
  • Monitor the error log (errpt) for nimsh crashes and restart the subsystem with startsrc -s nimsh when it dies

🔍 How to Verify

Check if Vulnerable:

  • Check the AIX level: oslevel -s (on VIOS also ioslevel)
  • Check whether the nimsh subsystem is running: lssrc -s nimsh

Check Version:

oslevel -s

Verify Fix Applied:

Verify the APAR is present: instfix -ik IJ29560 (AIX) or instfix -ik IJ29561 (VIOS). instfix reports fixes delivered in a service pack; if you installed an interim fix, check with emgr -l (and emgr -c for an integrity check) instead.
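A small check script that ties the three verification steps together, parsing the output of the stock AIX commands instead of reading it by eye, so the same functions can also be run over output captured from many hosts. This is an added example, not IBM tooling; the APAR numbers are the ones stated on this page, the instfix and lssrc message texts are what those commands print on current AIX levels, and the "ioslevel present means VIOS" test is an assumption.

```sh
#!/bin/sh
# CVE-2022-22351 exposure check for AIX / VIOS (added example, not IBM's).
# On VIOS run it as root via oem_setup_env so lssrc/instfix are on the path.

APAR_AIX="IJ29560"    # as stated on this page; confirm against the bulletin
APAR_VIOS="IJ29561"

# nimsh_state: classify `lssrc -s nimsh 2>&1` output.
# lssrc prints a header, then "nimsh nim <pid> active" or
# "nimsh nim inoperative"; an unknown subsystem yields a 0513-085 error.
# Prints: active | inoperative | absent
nimsh_state() {
    printf '%s\n' "$1" | awk '
        $1 == "nimsh" { print $NF; found = 1 }
        END { if (!found) print "absent" }'
}

# apar_state: classify `instfix -ik <APAR>` output for APAR $2.
# Prints: installed | missing | unknown
apar_state() {
    case "$1" in
        "All filesets for $2 were found."*)     echo "installed" ;;
        "Not all filesets for $2 were found."*) echo "missing" ;;
        *)                                      echo "unknown" ;;
    esac
}

# verdict: combine the two states.  $1 = nimsh state, $2 = APAR state.
# Prints: patched | vulnerable | latent | not-installed
verdict() {
    if [ "$2" = "installed" ]; then
        echo "patched"
    elif [ "$1" = "active" ]; then
        echo "vulnerable"          # daemon running without the fix
    elif [ "$1" = "absent" ]; then
        echo "not-installed"       # no nimsh subsystem on this host
    else
        echo "latent"              # nimsh present but stopped; fix still missing
    fi
}

# Only run the real commands on AIX/VIOS; elsewhere the functions above
# can be fed captured output.
if [ "$(uname -s)" = "AIX" ]; then
    # Assumption: the presence of ioslevel identifies a VIOS partition.
    if command -v ioslevel >/dev/null 2>&1; then APAR="$APAR_VIOS"; else APAR="$APAR_AIX"; fi
    ns=$(nimsh_state "$(lssrc -s nimsh 2>&1)")
    as=$(apar_state "$(instfix -ik "$APAR" 2>&1)" "$APAR")
    printf 'host=%s oslevel=%s nimsh=%s %s=%s verdict=%s\n' \
        "$(hostname)" "$(oslevel -s)" "$ns" "$APAR" "$as" "$(verdict "$ns" "$as")"
fi
```

A verdict of latent still matters: the host becomes vulnerable the moment nimsh is started (for example by nimclient -C), so it belongs on the patch list too. Remember that instfix does not see interim fixes; if an ifix is installed, treat emgr -l as authoritative.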

📡 Detection & Monitoring

Log Indicators:

  • CORE_DUMP entries (identifier A924A5FC, "SOFTWARE PROGRAM ABNORMALLY TERMINATED") in the error log whose PROGRAM NAME is nimsh: errpt -a -j A924A5FC
  • SRC entries reporting abnormal termination of the nimsh subsystem, or lssrc -s nimsh showing inoperative when no administrator stopped it

Network Indicators:

  • Unusual traffic to the nimsh ports (3901/tcp primary, 3902/tcp secondary) from hosts other than the NIM master, or bursts of connections between trusted AIX/VIOS hosts

SIEM Query:

source="aix_logs" AND process="nimsh" AND (event="crash" OR event="terminated")

(Illustrative query; map process and event to the fields your AIX log collector actually emits for errpt entries.)
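The indicator above can be checked on the host itself without a SIEM by scanning errpt -a output for core dumps of nimsh. The following is an added example, not part of the page or of IBM's tooling; the sample log is constructed in the layout of errpt -a as I know it (LABEL, Date/Time, and a PROGRAM NAME line followed by the program on the next line), which you should confirm against a real entry on your system before relying on it.

```sh
#!/bin/sh
# Scan `errpt -a` text for CORE_DUMP entries whose PROGRAM NAME is nimsh
# (added example, not IBM's code).  Reads errpt -a on stdin, prints one line
# per nimsh core dump: "<Date/Time> CORE_DUMP nimsh".
nimsh_core_dumps() {
    awk '
        /^----------/ { flush(); next }                 # entry separator
        $1 == "LABEL:" { label = $2 }
        $1 == "Date/Time:" { $1 = ""; sub(/^[ \t]+/, ""); when = $0 }
        grab == 1 && NF > 0 { prog = $1; grab = 0 }     # line after PROGRAM NAME
        /^PROGRAM NAME$/ { grab = 1 }
        END { flush() }
        function flush() {
            if (label == "CORE_DUMP" && prog == "nimsh")
                print when " CORE_DUMP nimsh"
            label = ""; when = ""; prog = ""; grab = 0
        }'
}

# Constructed sample (assumed errpt -a layout): one nimsh core dump, one
# unrelated core dump, one SRC entry that is not a core dump.
sample_errpt() {
    cat <<'EOF'
---------------------------------------------------------------------------
LABEL:          CORE_DUMP
IDENTIFIER:     A924A5FC

Date/Time:       Mon Jan 10 10:02:17 EST 2022
Sequence Number: 4711
Node Id:         aixclient1
Class:           S
Type:            PERM
Resource Name:   SYSPROC

Description
SOFTWARE PROGRAM ABNORMALLY TERMINATED

Detail Data
SIGNAL NUMBER
          11
USER'S PROCESS ID:
      4260070
PROGRAM NAME
nimsh
---------------------------------------------------------------------------
LABEL:          CORE_DUMP
IDENTIFIER:     A924A5FC

Date/Time:       Mon Jan 10 11:40:05 EST 2022
Sequence Number: 4712
Node Id:         aixclient1
Resource Name:   SYSPROC

Description
SOFTWARE PROGRAM ABNORMALLY TERMINATED

Detail Data
PROGRAM NAME
java
---------------------------------------------------------------------------
LABEL:          SRC
IDENTIFIER:     E18E984F

Date/Time:       Mon Jan 10 10:02:18 EST 2022
Sequence Number: 4713
Node Id:         aixclient1
Resource Name:   SRC

Description
SOFTWARE PROGRAM ERROR
EOF
}

if [ "$(uname -s)" = "AIX" ]; then
    errpt -a | nimsh_core_dumps        # live scan on a real host
else
    sample_errpt | nimsh_core_dumps    # demo on the constructed sample
fi
```

Run it from cron or your agent and alert on any output: a nimsh core dump on a patched host is a bug report, on an unpatched host it is the likely footprint of this CVE, and in either case the next step is to look at which trusted host was talking to 3901/tcp at that timestamp.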
