On June 30, 2023, IBM officially acknowledged a vulnerability in DDM (Distributed Data Management), a well-known IBM i network service, and published the corresponding patch. The vulnerability affects IBM i versions 7.2, 7.3, 7.4, and 7.5. It was originally assessed at a risk level of 5.6 but has since been raised to 8.6, making it a high-priority item for patching.
This vulnerability stands out from previous ones because it does not involve open-source components. An attacker who exploits it can run any command that the QUSER profile is authorized to execute; QUSER is the default profile for jobs such as database services, remote commands, printers, and file servers, among many others. This opens the possibility for attackers to achieve a successful denial-of-service attack.
The exit point associated with the DDM server can help block such attacks if it is configured correctly. Fortra’s Powertech Exit Point Manager can be used to help stop attempts to exploit this vulnerability.
The IBM i is generally a difficult platform to penetrate, but it can contain hidden back doors that attackers can exploit. This is what makes staying up to date on known vulnerabilities and their patches so critical. The latest vulnerabilities and their official patches are listed on IBM’s website, and we encourage all IBM i shops to patch their systems regularly.
Fortra can help you find out whether your systems are affected by this vulnerability. Our free Fortra Vulnerability Manager scan requires only a list of the IPs, IP ranges, or FQDNs that you’d like to target. The scan then produces a list of any at-risk assets and provides details on how each of those assets is affected by the vulnerability.
Assess Your Exposure to This Vulnerability
This free Fortra Vulnerability Manager scan lets you quickly run an on-demand scan for CVE-2023-30990 (Unauthenticated RCE in the IBM i DDM Service). Within minutes, you’ll receive an actionable report outlining your areas of risk for this vulnerability.