CVE-2013-4011

IBM AIX 6.1/7.1 - Local Privilege Escalation

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

Múltiples vulnerabilidades no especificadas en el InfiniBand subsystem en IBM AIX 6.1 y 7.1, y VIOS v2.2.2.2-FP-26 SP-02, permite a usuarios locales conseguir privilegios a través de vectores relacionados (1) arp.ib o (2) ibstat.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-07 CVE Reserved
2013-07-18 CVE Published
2013-09-24 First Exploit
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (20)

URL	Tag	Source
http://osvdb.org/95419	Vdb Entry
http://osvdb.org/95420	Vdb Entry
http://secunia.com/advisories/54215	Third Party Advisory
http://www.securityfocus.com/bid/61287	Vdb Entry
http://www.securitytracker.com/id/1028792	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/85617	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167	Signature
http://www-01.ibm.com/support/docview.wss?uid=isg1IV43827
http://www-01.ibm.com/support/docview.wss?uid=isg1IV43756

URL	Date	SRC
https://packetstorm.news/files/id/126014	2014-04-03
https://packetstorm.news/files/id/123369	2013-09-24
https://www.exploit-db.com/exploits/28507	2013-09-24
https://www.exploit-db.com/exploits/32700	2014-04-04

URL	Date	SRC

URL	Date	SRC
http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc	2017-09-19
http://www.ibm.com/support/docview.wss?uid=isg1IV43561	2017-09-19
http://www.ibm.com/support/docview.wss?uid=isg1IV43562	2017-09-19
http://www.ibm.com/support/docview.wss?uid=isg1IV43580	2017-09-19
http://www.ibm.com/support/docview.wss?uid=isg1IV43582	2017-09-19
http://www.ibm.com/support/docview.wss?uid=isg1IV43756	2017-09-19
http://www.ibm.com/support/docview.wss?uid=isg1IV43827	2017-09-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Aix Search vendor "Ibm" for product "Aix"				6.1 Search vendor "Ibm" for product "Aix" and version "6.1"		-		Affected
Ibm Search vendor "Ibm"		Aix Search vendor "Ibm" for product "Aix"				7.1 Search vendor "Ibm" for product "Aix" and version "7.1"		-		Affected
Ibm Search vendor "Ibm"		Vios Search vendor "Ibm" for product "Vios"				2.2.2.2 Search vendor "Ibm" for product "Vios" and version "2.2.2.2"		fp-26_sp-02		Affected