2.3

CVE-2021-22887

EPSS 0.06%
Veröffentlicht 16.03.2021 16:15:14
Zuletzt bearbeitet 21.11.2024 05:50:50
Quelle support@hackerone.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pulsesecure ≫ Psa-5000 Firmware Version-

Pulsesecure ≫ Psa-5000 Version-

Pulsesecure ≫ Psa-7000 Firmware Version-

Pulsesecure ≫ Psa-7000 Version-

Supermicro ≫ X10slh-f Firmware Version < 3.4

Supermicro ≫ X10slh-f Version-

Supermicro ≫ X10sll-f Firmware Version < 3.4

Supermicro ≫ X10sll-f Version-

Supermicro ≫ X10slm-f Firmware Version < 3.4

Supermicro ≫ X10slm-f Version-

Supermicro ≫ X10sll+f Firmware Version < 3.4

Supermicro ≫ X10sll+f Version-

Supermicro ≫ X10slm+-f Firmware Version < 3.4

Supermicro ≫ X10slm+-f Version-

Supermicro ≫ X10slm+ln4f Firmware Version < 3.4

Supermicro ≫ X10slm+ln4f Version-

Supermicro ≫ X10sla-f Firmware Version < 3.4

Supermicro ≫ X10sla-f Version-

Supermicro ≫ X10sl7-f Firmware Version < 3.4

Supermicro ≫ X10sl7-f Version-

Supermicro ≫ X10sll-s Firmware Version < 3.4

Supermicro ≫ X10sll-s Version-

Supermicro ≫ X10sll-sf Firmware Version < 3.4

Supermicro ≫ X10sll-sf Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.158

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-506 Embedded Malicious Code

The product contains code that appears to be malicious in nature.

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712

Patch

Vendor Advisory

https://www.supermicro.com/en/support/security/Trickbot

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22887

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22887

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22887

EUVD