← Back

CVE-2021-20487

nvd nist
Published: May 26, 2021Modified: Nov 21, 2024

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.3 / Impact: 6.0
Source: NVD

Description

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.

Affected (4)

Ibm
2 products
Power9 System Firmware
Scale Out Lc System Firmware
Configuration A
2 vulnerable · 8 platform
Vulnerable SoftwareAffected Versions
Ibm
Power9 System Firmware
From fw930.00 to fw930.30
Power9 System Firmware
From fw940.00 to fw940.20
Running on/withPlatform Versions
Ibm
9008 22l
All versions
Ibm
9009 22a
All versions
Ibm
9009 41a
All versions
Ibm
9009 42a
All versions
Ibm
9040 Mr9
All versions
Ibm
9080 M9s
All versions
Ibm
9223 22h
All versions
Ibm
9223 42h
All versions
Configuration B
1 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Power9 System Firmware
Before fw950.00
Running on/withPlatform Versions
Ibm
9009 22g
All versions
Ibm
9009 41g
All versions
Ibm
9009 42g
All versions
Ibm
9223 22s
All versions
Ibm
9223 42s
All versions
Configuration C
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Scale Out Lc System Firmware
Before op940.20
Running on/withPlatform Versions
Ibm
8335 Gth
All versions
Ibm
8335 Gtx
All versions
Ibm
9183 22x
All versions

Related CWEs

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (4)

Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.