CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score: 8 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 67.8%)

OpenSSH used by IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section below.
CVEID: CVE-2023-51385
**DESCRIPTION:** OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of shell metacharacters. By sending a specially crafted request using expansion tokens, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275402 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
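
As an added example (not part of the IBM bulletin and not OpenSSH code), the following Python audit lists the ssh client configuration directives through which the expansion tokens described above reach a shell. The directive names `ProxyCommand`, `LocalCommand` and `Match exec` and the tokens `%h`, `%n`, `%r` are taken from ssh_config(5), not from this page; the function names and the sample configuration are constructed for the example.

```python
import re

# Keywords whose argument the ssh client hands to a shell (ssh_config(5)).
SHELL_KEYWORDS = {"proxycommand", "localcommand"}
# Tokens carrying a host or user name; this selection is an assumption of
# the example, not a list taken from the bulletin.
NAME_TOKENS = {"%h", "%n", "%r"}
LINE_RE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$")
EXEC_RE = re.compile(r"(?:^|\s)exec\s+(.*)", re.I)

# Constructed sample configuration, not from the bulletin.
SAMPLE = """\
Host build-*
    ProxyCommand ssh -W %h:%p jump.example.com
Host db
    ProxyCommand=nc 10.0.0.5 22
    LocalCommand echo "connected to %n as %r" >> ~/ssh.log
Match exec "test -f /tmp/%%h.flag"
Match host *.lab exec "check-host %h"
"""

def name_tokens(value):
    """Return the name-carrying tokens in value; '%%' is a literal percent."""
    return sorted({t for t in re.findall(r"%.", value) if t in NAME_TOKENS})

def audit_ssh_config(text):
    """Return (line, keyword, tokens) for shell-executed directives that expand a name."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        m = LINE_RE.match(raw)  # comment and blank lines do not match
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword == "match":
            # Only the command of a 'Match exec' predicate reaches a shell.
            found = EXEC_RE.search(value)
            if not found:
                continue
            keyword, value = "match exec", found.group(1)
        elif keyword not in SHELL_KEYWORDS:
            continue
        tokens = name_tokens(value)
        if tokens:
            findings.append((lineno, keyword, tokens))
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE):
        print(finding)
```

A finding marks a directive to review, not a confirmed exposure; the fix remains the PTF listed for the release.
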
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The issue can be addressed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.
The IBM i 5733-SC1 PTF numbers resolve the vulnerability.
IBM i Release | 5733-SC1 PTF Number | PTF Download Link |
---|---|---|
7.5 | SI85935 | <https://www.ibm.com/support/pages/ptf/SI85935> |
7.4 | SI85948 | <https://www.ibm.com/support/pages/ptf/SI85948> |
7.3 | SI85948 | <https://www.ibm.com/support/pages/ptf/SI85948> |
7.2 | SI85948 | <https://www.ibm.com/support/pages/ptf/SI85948> |
None.