CVE-2021-22887

CWE-5063 documents3 sources

Severity

2.3LOW

EPSS

0.1%

top 66.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Supermicro X10sl7-f Firmware Supermicro X10sla-f Firmware Supermicro X10slh-f Firmware +7 more

Timeline

PublishedMar 16

Latest updateMay 24

Description

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages10 packages

▶NVDsupermicro/x10sl7-f_firmware< 3.4

▶NVDsupermicro/x10sla-f_firmware< 3.4

▶NVDsupermicro/x10slh-f_firmware< 3.4

▶NVDsupermicro/x10sll-f_firmware< 3.4

▶NVDsupermicro/x10sll-s_firmware< 3.4

Patches

Patch: kb.pulsesecure.net ↗Patch: kb.pulsesecure.net ↗

🔴Vulnerability Details

GHSA

GHSA-gpmr-cr86-wc6h: A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware↗2022-05-24

▶

CVEList

CVE-2021-22887: A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware↗2021-03-16

▶