📅 New security bulletin – December
IBM i Access Client Solutions (ACS) is affected by three vulnerabilities: one allows remote code execution on the workstation 🖥️⚠️, and two weaken the protection of the passwords ACS stores 🔑.
🚨 Summary of identified faults
🔎 IBM i Access Client Solutions is vulnerable to:
✔️ Remote code execution through a flaw in serialized-object authentication (CVE-2023-45185).
✔️ Insecure storage of passwords, allowing extraction of the encryption key (CVE-2023-45184).
✔️ Brute-force recovery of the encryption key, giving access to the stored passwords (CVE-2023-45182).
📌 Vulnerability details & CVSS scores:
🔴 Flaw 1 – Decryption key exposed
🔹 Impact: Incorrect authority checks let an attacker recover the key used to encrypt the passwords ACS stores.
🔹 CVSS score: 6.2 / 10
🔴 Flaw 2 – Password decoding
🔹 Impact: A local attacker on the workstation could recover the passwords ACS has saved for other systems.
🔹 CVSS score: 7.1 / 10
🔴 Flaw 3 – Remote code execution (CVE-2023-45185)
🔹 Impact: A remote attacker could execute arbitrary code on the workstation with the privileges of the user running ACS.
🔹 CVSS score: 7.4 / 10
🔗 Source and vulnerability details: See here
✅ Solution: Upgrade IBM i Access Client Solutions!
IBM and cybersecurity experts strongly recommend updating ACS to the latest available version:
📌 Fixed version: 1.1.9.4 or later
Because flaws 1 and 2 concern passwords ACS has already stored, upgrading alone does not undo any exposure that may have happened before the update; on shared or compromised workstations, treat the passwords ACS had saved as potentially disclosed.
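To check a fleet of workstations against the fixed version, the following added example (not code from the bulletin or from IBM) compares installed ACS version strings numerically rather than as text, which matters because a plain string compare ranks "1.1.10.0" below "1.1.9.4". The hostnames, the version strings and the assumption that the versions were collected from the ACS "About" dialog are constructed for the example.

```python
from __future__ import annotations

import re

# Version the bulletin names as the fix; anything below it needs updating.
FIXED_VERSION = "1.1.9.4"


def parse_version(version: str) -> tuple[int, ...]:
    """Convert a dotted version such as '1.1.9.4' into a tuple of ints.

    Comparing tuples of ints avoids the string-comparison trap where
    '1.1.10.0' sorts below '1.1.9.4' because '1' < '9'. Versions with fewer
    than four components are right-padded with zeros so '1.1.9' == '1.1.9.0'.
    """
    cleaned = version.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", cleaned):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    parts = tuple(int(p) for p in cleaned.split("."))
    return parts + (0,) * (4 - len(parts))


def needs_update(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed ACS version is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


# Constructed sample inventory: hostname -> ACS version string as shown in the
# ACS "About" dialog. Hosts and versions are made up for this example.
SAMPLE_INVENTORY = {
    "ws-finance-01": "1.1.9.3",
    "ws-finance-02": "1.1.9.4",
    "ws-dev-07": "1.1.10.0",
    "ws-ops-03": "1.1.8.6",
    "ws-ops-04": "1.1.9",
}


def hosts_needing_update(inventory: dict[str, str]) -> list[str]:
    """Return the sorted list of hosts still running a vulnerable ACS."""
    return sorted(host for host, ver in inventory.items() if needs_update(ver))


if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: ACS {SAMPLE_INVENTORY[host]} is older than "
              f"{FIXED_VERSION}, upgrade required")
```

Feed `hosts_needing_update` whatever your inventory tool exports; the only requirement is a dotted numeric version string per host.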
⚡ Act now to secure your IT environment with STR-iCT!