Description
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- ibm / aix7.2 – 7.2
- ibm / aix7.3 – 7.3
- ibm / vios3.1 – 3.1
- ibm / vios4.1 – 4.1
- ibm / vios3.1 – 3.1
- ibm / vios4.1 – 4.1