cve-2022-22351
Vulnerability from cvelistv5
Published
2022-03-07 16:55
Modified
2024-09-16 23:31
Severity
Summary
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/220396 | VDB Entry, Vendor Advisory |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6561275 | Patch, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:54.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6561275"
},
{
"name": "ibm-aix-cve202222351-dos (220396)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AIX",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.3"
}
]
},
{
"product": "VIOS",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.1"
}
]
}
],
"datePublic": "2022-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/C:N/I:N/A:H/S:C/AV:A/PR:N/AC:H/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T16:55:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6561275"
},
{
"name": "ibm-aix-cve202222351-dos (220396)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220396"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-04T00:00:00",
"ID": "CVE-2022-22351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AIX",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.2"
},
{
"version_value": "7.3"
}
]
}
},
{
"product_name": "VIOS",
"version": {
"version_data": [
{
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "A",
"C": "N",
"I": "N",
"PR": "N",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6561275",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6561275 (AIX)",
"url": "https://www.ibm.com/support/pages/node/6561275"
},
{
"name": "ibm-aix-cve202222351-dos (220396)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220396"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22351",
"datePublished": "2022-03-07T16:55:17.127823Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:31:18.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-22351\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2022-03-07T17:15:08.323\",\"lastModified\":\"2023-08-08T14:22:24.967\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396\"},{\"lang\":\"es\",\"value\":\"IBM AIX versiones 7.1, 7.2, 7.3 y VIOS 3.1 podr\u00edan permitir a un usuario de host de confianza sin privilegios explotar una vulnerabilidad en el demonio nimsh para causar una denegaci\u00f3n de servicio en el demonio nimsh en otro host de confianza. ID de IBM X-Force: 220396\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.6,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.8},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.1\",\"versionEndExcluding\":\"3.1.1.60\",\"matchCriteriaId\":\"9AF7CE9B-8375-4A22-B1F2-7D0C8902A9C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.2\",\"versionEndExcluding\":\"3.1.2.40\",\"matchCriteriaId\":\"62BD0B43-6B35-452D-881D-C0667D009980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:vios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.3\",\"versionEndExcluding\":\"3.1.3.20\",\"matchCriteriaId\":\"2B4B85B9-D357-4EF5-8841-2EB06A8B948F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.5.0\",\"versionEndIncluding\":\"7.1.5.37\",\"matchCriteriaId\":\"21ECF3C0-7947-4B23-B41D-1ED250FDAD1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.4.0\",\"versionEndIncluding\":\"7.2.4.4\",\"matchCriteriaId\":\"72B0DC64-3118-40B5-A105-04BFD9BAF044\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F10E3F46-B898-4541-9AE2-67256136EDCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAA90075-E2BE-43B1-8D42-DFC8B88276A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.2.5.100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23710D91-B98D-4631-A184-D16D2CB05C6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.3.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"115CFD05-2E8E-4750-A4F8-C434F5787672\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:7.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D7BD78E-0BF7-47E0-BD42-F89107B851B3\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/220396\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6561275\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
Loading...