CVE-2021-22887
Summary
| CVE | CVE-2021-22887 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-16 16:15:00 UTC |
| Updated | 2021-03-22 19:43:00 UTC |
| Description | A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Pulsesecure | Psa-5000 | - | All | All | All |
| Operating System | Pulsesecure | Psa-5000 Firmware | - | All | All | All |
| Hardware | Pulsesecure | Psa-7000 | - | All | All | All |
| Operating System | Pulsesecure | Psa-7000 Firmware | - | All | All | All |
| Hardware | Supermicro | X10sl7-f | - | All | All | All |
| Operating System | Supermicro | X10sl7-f Firmware | All | All | All | All |
| Hardware | Supermicro | X10sla-f | - | All | All | All |
| Operating System | Supermicro | X10sla-f Firmware | All | All | All | All |
| Hardware | Supermicro | X10slh-f | - | All | All | All |
| Operating System | Supermicro | X10slh-f Firmware | All | All | All | All |
| Hardware | Supermicro | X10sll-f | - | All | All | All |
| Operating System | Supermicro | X10sll-f Firmware | All | All | All | All |
| Hardware | Supermicro | X10sll-s | - | All | All | All |
| Hardware | Supermicro | X10sll-sf | - | All | All | All |
| Operating System | Supermicro | X10sll-sf Firmware | All | All | All | All |
| Operating System | Supermicro | X10sll-s Firmware | All | All | All | All |
| Hardware | Supermicro | X10sll F | - | All | All | All |
| Operating System | Supermicro | X10sll F Firmware | All | All | All | All |
| Hardware | Supermicro | X10slm-f | - | All | All | All |
| Operating System | Supermicro | X10slm-f Firmware | All | All | All | All |
| Hardware | Supermicro | X10slm -f | - | All | All | All |
| Operating System | Supermicro | X10slm -f Firmware | All | All | All | All |
| Hardware | Supermicro | X10slm Ln4f | - | All | All | All |
| Operating System | Supermicro | X10slm Ln4f Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Supermicro’s response to Trickboot vulnerability, March 2021 | Supermicro | MISC | www.supermicro.com | |
| Public KB - SA44712 - 2021-02: Out-of-Cycle Advisory: Pulse Secure response to BIOS Trickboot Vulnerability | MISC | kb.pulsesecure.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.