CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.1 | $0-$5k | 0.00 |
A vulnerability was found in IBM AIX 6.1/7.1 (Operating System). It has been classified as critical. This affects an unknown functionality of the component tftp Client. The manipulation with an unknown input leads to an access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality and integrity. The summary by CVE is:
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
The issue has been introduced on 11/09/2007. The weakness was shared 07/03/2013 as a confirmed advisory (Website). It is possible to read the advisory at aix.software.ibm.com. This vulnerability is uniquely identified as CVE-2013-3005 since 04/12/2013. It is possible to initiate the attack remotely. Successful exploitation requires authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
The vulnerability was handled as a non-public zero-day exploit for at least 2063 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 67178 (AIX 7.1 TL 1 : tftp (IV42700)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family AIX Local Security Checks.
Applying the patch tftp_fix eliminates this problem. The bugfix is ready for download at aix.software.ibm.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (85366) and Tenable (67178).
CVSSv3
VulDB Meta Base Score: 8.1
VulDB Meta Temp Score: 7.1
VulDB Base Score: 8.1
VulDB Temp Score: 7.1
Exploiting
Class: Access control
CWE: CWE-264
ATT&CK: T1068
Local: No
Remote: Yes
Status: Unproven
Nessus ID: 67178
Nessus Name: AIX 7.1 TL 1 : tftp (IV42700)
Countermeasures
Recommended: Patch
Patch: tftp_fix
Timeline
11/09/2007
04/12/2013
07/03/2013
07/03/2013
07/03/2013
07/03/2013
07/05/2013
07/06/2013
07/07/2013
07/08/2013
05/18/2021
Sources
Vendor: ibm.com
Advisory: aix.software.ibm.com
Status: Confirmed
CVE: CVE-2013-3005 (🔍)
X-Force: 85366 - IBM AIX tftp client file overwrite, High Risk
Vulnerability Center: 40338 - IBM AIX Remote Authenticated Arbitrary File Read or Overwrite When RBAC is Enabled, High
SecurityFocus: 60954 - IBM AIX TFTP Client CVE-2013-3005 Security Bypass Vulnerability
Secunia: 54050 - IBM AIX tftp Client Security Bypass Vulnerability, Less Critical
OSVDB: 94842
Entry
Created: 07/08/2013 16:19
Updated: 05/18/2021 07:09
Changes: 07/08/2013 16:19 (84), 05/04/2017 11:43 (2), 05/18/2021 07:09 (3)
Committer: olku