The IBM AIX nimsh service is a remote management tool for IBM's AIX operating system. It allows administrators to manage and configure the system from a distance. However, due to improper process controls, an attacker can execute arbitrary commands on the server by exploiting this vulnerability.
Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.
Upgrade to a patched version: Contact IBM directly for the latest patch information.
- Immediate mitigations:
- Restrict network access to your NIM instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation