Vulnerabilites related to supermicro - x10slm\+ln4f
cve-2021-22887
Vulnerability from cvelistv5
Published
2021-03-16 15:04
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712 | x_refsource_MISC | |
| https://www.supermicro.com/en/support/security/Trickbot | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PSA5000, PSA7000 |
Version: Fixed in 3.0d |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:24.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.supermicro.com/en/support/security/Trickbot"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PSA5000, PSA7000",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 3.0d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-506",
"description": "Embedded Malicious Code (CWE-506)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T15:04:37",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.supermicro.com/en/support/security/Trickbot"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PSA5000, PSA7000",
"version": {
"version_data": [
{
"version_value": "Fixed in 3.0d"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712",
"refsource": "MISC",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712"
},
{
"name": "https://www.supermicro.com/en/support/security/Trickbot",
"refsource": "MISC",
"url": "https://www.supermicro.com/en/support/security/Trickbot"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22887",
"datePublished": "2021-03-16T15:04:37",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:24.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-03-16 16:15
Modified
2024-11-21 05:50
Severity ?
Summary
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712 | Patch, Vendor Advisory | |
| support@hackerone.com | https://www.supermicro.com/en/support/security/Trickbot | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.supermicro.com/en/support/security/Trickbot | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pulsesecure:psa-5000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80CC4081-CCA6-4D44-838F-9EB52FD978C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pulsesecure:psa-5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F03F5E-72B5-4E19-8197-62AC1FCD5199",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pulsesecure:psa-7000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1693B89-44A4-42B1-81F7-E29DDA16ECD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pulsesecure:psa-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4997E5B4-0EDA-41E0-8BEF-9297A486F0C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10slh-f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85025F6A-1211-40A3-91E6-331C35207FD2",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10slh-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A12FF2-6211-4924-AF01-A05886E08D42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10sll-f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACBA1D4-F2DF-4A99-A31E-730A4B37C60E",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10sll-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D8487-4B77-4346-9890-65C4B49FAE64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10slm-f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAD83CA-5831-40E2-90DF-DE47BF1054B3",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10slm-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF19EEA-9C85-4410-B320-8A3092772B25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10sll\\+f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B1A1EC-7506-4929-8BCE-2787C7A2A447",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10sll\\+f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C61A1D-531F-436F-9AB4-478783DF5791",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10slm\\+-f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A630E7-8C70-4221-A599-BEAA8C3AE70E",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10slm\\+-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B44DFDA-7DC7-40E2-80C8-A3BCEC13DD6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10slm\\+ln4f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5807F75-CEAC-4907-B728-E69419F31FD3",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10slm\\+ln4f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "613FB90A-028B-40F3-8904-DBA0A2059138",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10sla-f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B67CE7D3-A95D-4684-A1D0-0231A6202624",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10sla-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2609DD5-F528-4D1D-9C05-2F1EC5913D1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10sl7-f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C24F289D-1DFC-4CC6-B532-57D68A7149E9",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10sl7-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA44D755-24EE-4316-96E1-FA05AB532074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10sll-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42D69601-5076-4477-B944-FBA2C52571B1",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10sll-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7856BB2-765E-44C4-BA7E-6074D8B0991F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:supermicro:x10sll-sf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D26D0C4-0978-41AB-90EE-ABB6086BFB7D",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:supermicro:x10sll-sf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90A441DC-264D-4BF1-9920-5551B9BB4E71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el BIOS de los modelos Pulse Secure (hardware de la serie PSA) PSA5000 y PSA7000, podr\u00eda permitir a un atacante comprometer el firmware del BIOS.\u0026#xa0;Esta vulnerabilidad solo puede ser explotada como parte de una cadena de ataque.\u0026#xa0;Antes de que un atacante pueda comprometer el BIOS, deben explotar el dispositivo"
}
],
"id": "CVE-2021-22887",
"lastModified": "2024-11-21T05:50:50.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-16T16:15:14.037",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.supermicro.com/en/support/security/Trickbot"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.supermicro.com/en/support/security/Trickbot"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-506"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}