CVE-2013-4011
38Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 2.8%
from disclosure to weapon68 days
Published on NVDJul 18
1st PoC+68d
metasploit+68d
exploitation probability
2.8%top 15% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/28507unverifiedexploitdbwww.exploit-db.com/exploits/32700unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.aschttp://osvdb.org/95419http://osvdb.org/95420http://secunia.com/advisories/54215https://exchange.xforce.ibmcloud.com/vulnerabilities/85617https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167http://www.ibm.com/support/docview.wss?uid=isg1IV43561http://www.ibm.com/support/docview.wss?uid=isg1IV43562http://www.ibm.com/support/docview.wss?uid=isg1IV43580http://www.ibm.com/support/docview.wss?uid=isg1IV43582http://www.ibm.com/support/docview.wss?uid=isg1IV43756http://www.ibm.com/support/docview.wss?uid=isg1IV43827