CVE-2023-43064: 
NixOS vulnerability analysis and mitigation

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 contains a vulnerability that could allow a local user to gain elevated privileges due to an unqualified library call. The vulnerability was discovered and disclosed in December 2023, identified as CVE-2023-43064. A malicious actor could exploit this vulnerability to cause arbitrary code to run with the privilege of the user invoking the facsimile support (IBM Security Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH by NVD with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. IBM Corporation initially rated it with a base score of 7.0 HIGH with vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element) (NVD).

The vulnerability can lead to significant security implications as it allows attackers to execute arbitrary code with elevated privileges. This could result in complete compromise of system confidentiality, integrity, and availability within the scope of the affected user's privileges (IBM Security Bulletin).

IBM has released fixes for the vulnerability through PTF SI85663 for all affected versions (7.2, 7.3, 7.4, and 7.5) of IBM i with 5798-FAX version V5R8M0. IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed versions. No workarounds are available for this vulnerability (IBM Security Bulletin).