CVE-2016-0266
low
CVSS v3: 3.7
CVSS v2: 4.3
VIR risk: 3.7
Description
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
Predictions
Exploit likelihood: 47%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | vios | 2.2.0.10 | |
| ibm | vios | 2.2.0.11 | |
| ibm | vios | 2.2.0.12 | |
| ibm | vios | 2.2.0.13 | |
| ibm | vios | 2.2.1.0 | |
| ibm | vios | 2.2.1.1 | |
| ibm | vios | 2.2.1.3 | |
| ibm | vios | 2.2.1.4 | |
| ibm | vios | 2.2.1.5 | |
| ibm | vios | 2.2.1.6 | |
| ibm | vios | 2.2.1.7 | |
| ibm | vios | 2.2.1.8 | |
| ibm | vios | 2.2.1.9 | |
| ibm | vios | 2.2.2.0 | |
| ibm | vios | 2.2.2.1 | |
| ibm | vios | 2.2.2.2 | |
| ibm | vios | 2.2.2.3 | |
| ibm | vios | 2.2.2.4 | |
| ibm | vios | 2.2.2.5 | |
| ibm | vios | 2.2.3.0 | |
| ibm | vios | 2.2.3.1 | |
| ibm | vios | 2.2.3.2 | |
| ibm | vios | 2.2.3.3 | |
| ibm | vios | 2.2.3.4 | |
| ibm | vios | 2.2.3.50 | |
| ibm | vios | 2.2.3.51 | |
| ibm | vios | 2.2.3.52 | |
| ibm | vios | 2.2.3.60 | |
| ibm | vios | 2.2.3.70 | |
| ibm | vios | 2.2.4.0 | |
| ibm | vios | 2.2.4.10 | |
| ibm | vios | 2.2.4.21 | |
| ibm | vios | 2.2.4.22 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV86120
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV86132
- http://www.securityfocus.com/bid/92150
- http://www.securitytracker.com/id/1036467
- https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc
CWEs
CWE-254