CVE-2021-22887

Published: Mar 16, 2021Modified: Nov 21, 2024

2.3

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Exploitability: 0.8 / Impact: 1.4

Source: NVD

Description

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.

Affected (12)

Products: Pulsesecure: Psa 5000 Firmware, Psa 7000 Firmware · Supermicro: X10slh F Firmware, X10sll F Firmware, X10slm+ F Firmware, X10sll+f Firmware, X10slm+ln4f Firmware, X10sla F Firmware, X10sl7 F Firmware, X10sll S Firmware, X10sll Sf Firmware

2 products

9 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pulsesecure Psa 5000 Firmware	All versions

Running on/with	Platform Versions
Pulsesecure Psa 5000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pulsesecure Psa 7000 Firmware	All versions

Running on/with	Platform Versions
Pulsesecure Psa 7000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10slh F Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10slh F	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10sll F Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10sll F	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10slm F Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10slm F	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10sll+f Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10sll+f	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10slm+ F Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10slm+ F	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10slm+ln4f Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10slm+ln4f	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10sla F Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10sla F	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10sl7 F Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10sl7 F	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10sll S Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10sll S	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Supermicro X10sll Sf Firmware	Before 3.4

Running on/with	Platform Versions
Supermicro X10sll Sf	All versions

Related CWEs

CWE-506

Embedded Malicious Code

The product contains code that appears to be malicious in nature.

References (4)

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712

Source: support@hackerone.com

PatchVendor Advisory

https://www.supermicro.com/en/support/security/Trickbot

Source: support@hackerone.com

Third Party Advisory

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.supermicro.com/en/support/security/Trickbot

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.