CVE-2023-45174

8.4 HIGH

📋 TL;DR

A local privilege escalation vulnerability in IBM AIX and VIOS allows privileged local users to exploit the qdaemon command to gain elevated privileges or cause denial of service. This affects IBM AIX 7.2, 7.3, and VIOS 3.1 systems. Attackers with existing local access can potentially gain root privileges.

💻 Affected Systems

Products:
  • IBM AIX
  • IBM VIOS
Versions: AIX 7.2, 7.3; VIOS 3.1
Operating Systems: IBM AIX, IBM VIOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local privileged user access to exploit. qdaemon is a core system component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Privileged local user gains root access, leading to complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case

Privileged local user escalates to root privileges, enabling unauthorized administrative actions and potential lateral movement.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to isolated privilege escalation attempts that are detected and contained.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires existing local privileged access. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AIX 7.2 TL5 SP2, 7.3 TL3 SP2; VIOS 3.1.4.30

Vendor Advisory: https://www.ibm.com/support/pages/node/7095022

Restart Required: Yes

Instructions:

1. Download appropriate fix from IBM Fix Central.
2. Apply fix using smitty or installp command.
3. Reboot system to complete installation.

🔧 Temporary Workarounds

Restrict qdaemon access

Limit access to qdaemon command and related files to authorized administrators only

chmod 750 /usr/sbin/qdaemon
chown root:system /usr/sbin/qdaemon

🧯 If You Can't Patch

  • Implement strict least privilege access controls for local users
  • Monitor qdaemon process activity and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check AIX/VIOS version and installed filesets:

oslevel -s
lslpp -L | grep bos.rte.printers

Check Version:

oslevel -s

Verify Fix Applied:

Verify fix installation (either APAR should be listed):

instfix -i | grep -E 'IJ46620|IJ46621'

📡 Detection & Monitoring

Log Indicators:

  • Unusual qdaemon process activity
  • Privilege escalation attempts in audit logs
  • Failed authorization attempts for qdaemon

Network Indicators:

  • None - local exploitation only

SIEM Query:

Search for qdaemon process execution with elevated privileges or unusual parent processes
