NIS RPC Vulnerability

HIGH (10.0) No Patch (10962 days)
ibmnisremote-accessrpcvulnerability

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 44.87% chance of exploitation (percentile: 97%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: Exploit-DB

How we test →

What is it?

The rpc.ypupdated (NIS) service is a remote procedure call (RPC) protocol used for networked operations on Unix-like systems. This vulnerability allows remote users to execute arbitrary commands, potentially leading to unauthorized access and control of the system.

Am I affected?

You're affected if you use NIS versions prior to 4.0.3 or later, specifically rpc.ypupdated (NIS). Version info not stated in advisory.

Affected Products

IBM / NIS

How to fix

Upgrade to NIS version 4.0.3 or later.
- Manual verification and testing recommended due to lack of automated detection tools.

References