CVE-2023-28528

CVE-2023-28528 is a vulnerability that has been identified in AIX's invscout setUID binary. This flaw could potentially allow an attacker to gain remote code execution privileges on the affected system. The vulnerability exists due to the improper handling of user-supplied input within the invscout binary, which allows an attacker to pass malicious input and execute arbitrary code. The vulnerability was identified by Talos Intelligence and assigned the identifier TALOS-2023-1691. It was disclosed publicly on June 8th, 2023, after being responsibly reported to the vendor. At the time of disclosure, there were no known public exploits or attacks utilizing this vulnerability. AIX, the operating system where the vulnerability exists, has already released a patch for this issue. System administrators are advised to update their systems as soon as possible to ensure they are protected from potential exploitation of this vulnerability. In addition, it is recommended to review security controls and network segmentation to minimize the impact of any potential future attacks.