CVE-2022-35643

9.1 CRITICAL (CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H: network-reachable, no privileges or user interaction, high integrity and availability impact, no confidentiality impact)

📋 TL;DR

CVE-2022-35643 is a critical (CVSS 9.1) vulnerability in IBM PowerVM Virtual I/O Server (VIOS) 3.1 that allows a remote, unauthenticated attacker to tamper with system configuration or cause a denial of service. VIOS supplies virtual storage and network I/O to the client LPARs on an IBM Power server, so a VIOS that is misconfigured or taken down affects every partition that depends on it.

💻 Affected Systems

Products:
  • IBM PowerVM Virtual I/O Server
Versions: Version 3.1
Operating Systems: AIX on Power Systems
Default Config Vulnerable: ⚠️ Yes
Notes: IBM's bulletin covers VIOS 3.1. Do not assume another level you run is unaffected; check it against the bulletin rather than against this page.

📦 What is this software?

IBM PowerVM Virtual I/O Server (VIOS) is a special-purpose partition on IBM Power servers. It owns physical storage and network adapters and presents them to client LPARs as virtual SCSI, virtual Fibre Channel (NPIV) and Shared Ethernet Adapter devices, so the availability and integrity of client partitions' disk and network depend on it. VIOS runs an AIX-based operating system and is administered as the padmin user through a restricted command shell; oem_setup_env drops to a root AIX shell for maintenance tasks.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker-controlled changes to the VIOS virtual SCSI, NPIV or Shared Ethernet configuration, removing storage and network from every client LPAR this VIOS serves, plus a crash or hang of the VIOS itself. VIOS is a partition, not the PowerVM hypervisor, so "hypervisor compromise" is not what the advisory describes; the CVSS vector also records no confidentiality impact, so the concern is the integrity and availability of the I/O path rather than data disclosure.

🟠 Likely Case: Denial of service that takes virtual disk and network away from dependent LPARs, and unauthorized changes to virtual I/O resources that must be found and reverted.

🟢 If Mitigated: With VIOS management interfaces reachable only from an administrative network, exposure is limited to whoever can reach that network; a service disruption caused by an insider or a compromised admin host remains possible until the fix is applied.

🌐 Internet-Facing: HIGH - VIOS management interfaces should never be reachable from the internet; where they are, the issue is attackable without credentials.
🏢 Internal Only: HIGH - any host that can reach the VIOS network, including a compromised workstation or server, can use this to disrupt the virtualization layer for every dependent LPAR.

🎯 Exploit Status

Public PoC: None known
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The CVSS vector (AV:N/AC:L/PR:N/UI:N) says the issue is reachable over the network and needs no privileges or user interaction, with low attack complexity. No technical details of the flaw are given here, so treat "low complexity" as a property of the vector, not as evidence that a working exploit exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix as described in IBM advisory APAR IJ38230

Vendor Advisory: https://www.ibm.com/support/pages/node/6607886

Restart Required: Yes

Instructions:

1. Download the fix for VIOS 3.1 from IBM Fix Central, following the level-specific links in the bulletin; VIOS fixes are tied to the installed ioslevel.
2. Apply it from the padmin shell using the standard VIOS update procedure (updateios for a fix pack or service pack; an interim fix is installed with emgr from oem_setup_env).
3. Reboot the VIOS partition to complete installation. On a dual-VIOS setup, confirm that client LPARs have working storage and network paths through the partner VIOS before rebooting the first one.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to VIOS management interfaces (SSH and any other network services the VIOS exposes) to trusted administrative networks only.

Configure upstream firewall rules to block external access to VIOS management ports. VIOS also ships its own packet filter (viosecure -firewall), which can be used to allow only the administrative subnet in addition to the upstream rules.

Access Control Hardening (VIOS; it is AIX-based, not Linux)

Implement strict access controls and authentication requirements for VIOS management interfaces.

Configure VIOS to require strong authentication and limit administrative access. Because the issue needs no credentials, this shrinks the blast radius after exploitation rather than preventing it; network restriction is the workaround that actually reduces exposure.

🧯 If You Can't Patch

  • Isolate VIOS systems from untrusted networks using firewall rules and network segmentation
  • Implement strict monitoring and alerting for unauthorized configuration changes to VIOS

🔍 How to Verify

Check if Vulnerable:

Run ioslevel from the padmin shell. Any 3.1.x level without the fix is vulnerable; this page does not state a fixed ioslevel, so take the level or interim fix that applies to yours from the bulletin.

Check Version:

ioslevel

Verify Fix Applied:

From oem_setup_env, run instfix -ik IJ38230, which reports whether all filesets for the APAR are present. If the fix was delivered as an interim fix, instfix will not see it; list interim fixes with emgr -l and look for the APAR number in the fix label.
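As an added example (not IBM's tooling and not code from the original page), the following POSIX shell script turns output you have already collected from a VIOS into a verdict, so it can be run offline against a fleet's captured output. It assumes the APAR number the page cites (IJ38230), that an interim fix for it would carry that number in its emgr label, and that the fixed ioslevel, if you know it from the bulletin, is passed as an optional fourth argument.

```shell
#!/bin/sh
# Added example, not IBM's tooling: classify a VIOS from text already collected
# from it, for example:
#   ssh padmin@vios1 ioslevel                       > level.txt
#   ssh padmin@vios1 oem_setup_env <<'EOF'          > fixes.txt
#   instfix -ik IJ38230; echo ---; emgr -l
#   EOF
# Assumptions: the APAR number is the one the page cites, and an interim fix
# for it embeds that number in its emgr label.

APAR=IJ38230

# vios_level_at_least LEVEL MIN -> exit 0 when LEVEL >= MIN, comparing each
# dotted component numerically (ioslevel prints e.g. 3.1.3.21).
vios_level_at_least() {
    i=1
    while [ "$i" -le 4 ]; do
        a=$(printf '%s' "$1" | cut -d. -f"$i")
        b=$(printf '%s' "$2" | cut -d. -f"$i")
        a=${a:-0}; b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# apar_state INSTFIX_OUTPUT EMGR_OUTPUT -> prints installed | missing | unknown
# instfix -ik prints "All filesets for <APAR> were found." or
# "Not all filesets for <APAR> were found."; an interim fix is only visible
# in emgr -l, so that output is consulted first.
apar_state() {
    case "$2" in *"$APAR"*) echo installed; return 0 ;; esac
    case "$1" in
        *"Not all filesets for $APAR were found"*) echo missing ;;
        *"All filesets for $APAR were found"*)     echo installed ;;
        *) echo unknown ;;   # e.g. "There was no data for IJ38230 in the fix database."
    esac
}

# vios_verdict LEVEL INSTFIX_OUTPUT EMGR_OUTPUT [FIXED_LEVEL]
#   -> VULNERABLE | FIXED | CHECK_MANUALLY | OUT_OF_SCOPE
# FIXED_LEVEL is the ioslevel from the bulletin that contains the fix, if known.
vios_verdict() {
    case "$1" in
        3.1|3.1.*) ;;
        *) echo OUT_OF_SCOPE; return 0 ;;   # page covers 3.1 only; check the bulletin for other levels
    esac
    if [ -n "${4:-}" ] && vios_level_at_least "$1" "$4"; then
        echo FIXED; return 0
    fi
    case "$(apar_state "$2" "$3")" in
        installed) echo FIXED ;;
        missing)   echo VULNERABLE ;;
        *)         echo CHECK_MANUALLY ;;
    esac
}

# Stand-alone demo on constructed output (not captured from a real system):
if [ "${1:-}" = demo ]; then
    vios_verdict 3.1.3.21 "Not all filesets for IJ38230 were found." ""
fi
```

Run it as "sh check_vios.sh demo" to see the verdict on the constructed sample; in practice source the file and call vios_verdict with the contents of the captured files, one VIOS at a time.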

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to VIOS management interfaces
  • Unexpected configuration changes to virtual I/O resources
  • Service disruption events on VIOS

Network Indicators:

  • Unusual network traffic patterns to VIOS management ports
  • Connection attempts from unauthorized sources to VIOS

SIEM Query (illustrative pseudo-syntax; the source and field names depend on how you forward VIOS syslog and command-log data, so map them to your own schema):

source="VIOS" AND (event_type="configuration_change" OR event_type="authentication_failure")
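As an added example (not from the page or from IBM), this POSIX shell function applies the "unexpected configuration changes" indicator above to VIOS global command log output, the text that lsgcl prints. The sample lines are constructed, the "Mon DD YYYY, HH:MM:SS user command" layout is an assumption about lsgcl's format (adjust the awk field numbers if yours differs), and the command list is a starting point rather than IBM's definitive list of configuration-changing commands.

```shell
#!/bin/sh
# Added example: flag configuration-changing commands in VIOS global command
# log (lsgcl) output that ran outside a maintenance window or under an
# account not expected to change configuration. Not IBM tooling.

# Constructed sample in the assumed lsgcl layout (not a real capture).
SAMPLE_GCL='Jun 14 2022, 09:01:12 padmin ioslevel
Jun 14 2022, 09:02:40 padmin lsmap -all
Jun 14 2022, 23:17:05 padmin rmvdev -vdev vtscsi3
Jun 14 2022, 23:17:31 padmin chdev -dev ent4 -attr ha_mode=disabled
Jun 15 2022, 03:05:02 svcacct mkvdev -sea ent0 -vadapter ent2 -default ent2 -defaultid 1'

# ioscli commands that alter virtual I/O, networking or accounts (not exhaustive;
# extend for your environment).
CHANGE_CMDS='^(mkvdev|rmvdev|chdev|rmdev|cfgdev|mksp|chsp|rmsp|mkbdsp|rmbdsp|mktcpip|chtcpip|rmtcpip|updateios|mkuser|chuser|rmuser|viosecure|stopnetsvc|startnetsvc)$'

# flag_changes WIN_START WIN_END ALLOWED_USERS  (lsgcl text on stdin)
# Prints one ALERT line per change command run outside the HH:MM..HH:MM
# maintenance window or by a user not in the space-separated allow list.
# Assumed fields: $1=Mon $2=DD $3=YYYY, $4=HH:MM:SS $5=user $6=command ...
flag_changes() {
    awk -v re="$CHANGE_CMDS" -v ws="$1" -v we="$2" -v users=" $3 " '
    NF >= 6 {
        hhmm = substr($4, 1, 5); user = $5; cmd = $6
        if (cmd !~ re) next                      # read-only command, ignore
        inwin   = (hhmm >= ws && hhmm <= we)     # zero-padded HH:MM compares as text
        allowed = (index(users, " " user " ") > 0)
        if (inwin && allowed) next
        reason = (inwin ? "" : "outside_window ") (allowed ? "" : "unlisted_user")
        print "ALERT", $1, $2, $3, $4, "user=" user, "cmd=" cmd, "reason=" reason
    }'
}

# count_alerts WIN_START WIN_END ALLOWED_USERS -> number of alerts on the sample
count_alerts() {
    printf '%s\n' "$SAMPLE_GCL" | flag_changes "$@" | wc -l | tr -d ' '
}

# Stand-alone demo: window 08:00-18:00, only padmin may change configuration.
# Flags the two late-night padmin changes and the svcacct mkvdev.
printf '%s\n' "$SAMPLE_GCL" | flag_changes 08:00 18:00 padmin
```

Feed it real data with "lsgcl | flag_changes 08:00 18:00 padmin" from a host that collects the log; a non-empty result is an indicator, not proof, and should be compared with your change tickets before escalating.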
