CVE-2022-34331

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 58.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Power FWIBM Powervm Hypervisor
Timeline
PublishedNov 11

Description

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:LExploitability: 1.3 | Impact: 3.7

Affected Packages2 packages

CVEListV5ibm/power_fwFW950, FW1010
NVDibm/powervm_hypervisorfw1010, fw950+1

🔴Vulnerability Details

2
CVEList
IBM Power FW security bypass2022-11-11
GHSA
GHSA-gjfg-4cm8-4m2j: After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA2022-11-11
CVE-2022-34331 (CRITICAL CVSS 9.8) | After performing a sequence of Powe | cvebase.io