CVE-2021-22887
Published on: 03/16/2021 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:29:09 PM UTC
Certain versions of Psa-5000 from Pulsesecure contain the following vulnerability:
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.
- CVE-2021-22887 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.
CVSS3 Score: 2.3 - LOW
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
LOCAL | LOW | HIGH | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | LOW | NONE |
CVSS2 Score: 2.1 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
LOCAL | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Supermicro’s response to Trickboot vulnerability, March 2021 | Supermicro | www.supermicro.com text/html | MISC www.supermicro.com/en/support/security/Trickbot |
Public KB - SA44712 - 2021-02: Out-of-Cycle Advisory: Pulse Secure response to BIOS Trickboot Vulnerability | kb.pulsesecure.net text/html | MISC kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware | Pulsesecure | Psa-5000 | - | All | All | All |
Operating System | Pulsesecure | Psa-5000 Firmware | - | All | All | All |
Hardware | Pulsesecure | Psa-7000 | - | All | All | All |
Operating System | Pulsesecure | Psa-7000 Firmware | - | All | All | All |
Hardware | Supermicro | X10sl7-f | - | All | All | All |
Operating System | Supermicro | X10sl7-f Firmware | All | All | All | All |
Hardware | Supermicro | X10sla-f | - | All | All | All |
Operating System | Supermicro | X10sla-f Firmware | All | All | All | All |
Hardware | Supermicro | X10slh-f | - | All | All | All |
Operating System | Supermicro | X10slh-f Firmware | All | All | All | All |
Hardware | Supermicro | X10sll-f | - | All | All | All |
Operating System | Supermicro | X10sll-f Firmware | All | All | All | All |
Hardware | Supermicro | X10sll-s | - | All | All | All |
Hardware | Supermicro | X10sll-sf | - | All | All | All |
Operating System | Supermicro | X10sll-sf Firmware | All | All | All | All |
Operating System | Supermicro | X10sll-s Firmware | All | All | All | All |
Hardware | Supermicro | X10sll F | - | All | All | All |
Operating System | Supermicro | X10sll F Firmware | All | All | All | All |
Hardware | Supermicro | X10slm-f | - | All | All | All |
Operating System | Supermicro | X10slm-f Firmware | All | All | All | All |
Hardware | Supermicro | X10slm -f | - | All | All | All |
Operating System | Supermicro | X10slm -f Firmware | All | All | All | All |
Hardware | Supermicro | X10slm Ln4f | - | All | All | All |
Operating System | Supermicro | X10slm Ln4f Firmware | All | All | All | All |
- cpe:2.3:h:pulsesecure:psa-5000:-:*:*:*:*:*:*:*:
- cpe:2.3:o:pulsesecure:psa-5000_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:pulsesecure:psa-7000:-:*:*:*:*:*:*:*:
- cpe:2.3:o:pulsesecure:psa-7000_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10sl7-f:-:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10sl7-f_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10sla-f:-:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10sla-f_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10slh-f:-:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10slh-f_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10sll-f:-:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10sll-f_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10sll-s:-:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10sll-sf:-:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10sll-sf_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10sll-s_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10sll\+f:-:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10sll\+f_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10slm-f:-:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10slm-f_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10slm\+-f:-:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10slm\+-f_firmware:*:*:*:*:*:*:*:*:
- cpe:2.3:h:supermicro:x10slm\+ln4f:-:*:*:*:*:*:*:*:
- cpe:2.3:o:supermicro:x10slm\+ln4f_firmware:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE