CVE-2024-45675: CWE-309 Use of Password System for Primary Authentication in IBM Informix Dynamic Server
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.
AI Analysis
Technical Summary
CVE-2024-45675 identifies a critical authentication bypass vulnerability in IBM Informix Dynamic Server version 14.10. The vulnerability arises due to improper implementation of the password system used for primary authentication, classified under CWE-309 (Use of Password System for Primary Authentication). Specifically, a local attacker with access to the system can bypass password checks and gain administrator-level access to the Informix server without providing any credentials. This flaw effectively nullifies the authentication mechanism, allowing unauthorized users to fully control the database server. The vulnerability requires local access but does not require any privileges or user interaction, making it particularly dangerous in environments where local access controls are weak or compromised. The CVSS v3.1 base score is 8.4, with metrics indicating low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the vulnerability's nature suggests that exploitation could lead to complete compromise of the database environment, including data theft, data manipulation, or denial of service. IBM has not yet published a patch or mitigation guidance, but the issue has been officially reserved and published in the CVE database. Organizations using Informix Dynamic Server 14.10 should consider this vulnerability a critical risk to their database security posture.
Potential Impact
The impact of CVE-2024-45675 is severe for organizations running IBM Informix Dynamic Server 14.10. An attacker with local system access can escalate privileges to full administrative control over the database server without authentication. This can lead to unauthorized disclosure of sensitive data, unauthorized data modification or deletion, and disruption of database availability. The compromise of the database administrator account can also facilitate further lateral movement within the network, potentially exposing other critical systems. Organizations relying on Informix for critical business operations, financial data, or personal information are at significant risk of data breaches, regulatory non-compliance, and operational downtime. The ease of exploitation combined with the high impact on confidentiality, integrity, and availability makes this vulnerability a critical threat to database security worldwide.
Mitigation Recommendations
1. Restrict local access to systems running IBM Informix Dynamic Server 14.10 to trusted personnel only, using strict access controls and monitoring.
2. Implement host-based intrusion detection and monitoring to detect unusual login attempts or privilege escalations on affected servers.
3. Until an official patch is released, consider isolating Informix servers from general user environments and limit administrative access through network segmentation and hardened OS configurations.
4. Review and harden Informix authentication configurations and consider additional layers of authentication or multi-factor authentication where possible.
5. Regularly audit system and database logs for suspicious activity indicative of unauthorized access attempts.
6. Stay informed on IBM security advisories for patches or official mitigation guidance and apply updates promptly once available.
7. Conduct internal penetration testing to verify the effectiveness of mitigations and identify any residual risks.
Affected Countries
United States, Germany, United Kingdom, Japan, Canada, Australia, India, France, Netherlands, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2024-09-03T13:50:43.964Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 692e50a4f2f793a7de7cda09
Added to database: 12/2/2025, 2:36:20 AM
Last enriched: 2/27/2026, 4:33:08 AM
Last updated: 3/23/2026, 5:20:00 PM