CVE-2021-20505

3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 72.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Powervm Hypervisor
Timeline
PublishedJul 29
Latest updateMay 24

Description

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/powervm_hypervisor4 versions+3
NVDibm/powervm_hypervisor4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-mhgr-vqp5-q6x4: The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised2022-05-24
CVEList
CVE-2021-20505: The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised2021-07-29
CVE-2021-20505 (MEDIUM CVSS 4.4) | The PowerVM Logical Partition Mobil | cvebase.io