CVE-2021-20505
CVE-2021-20505 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. The PowerVM Logical Partition Mobility (LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP, they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic. IBM X-Force ID: 198232. EPSS estimates a 0.55% chance of exploitation in the next 30 days.
Description
The PowerVM Logical Partition Mobility (LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP, they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic. IBM X-Force ID: 198232.
Metrics
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | PowerVM Hypervisor | FW920 |
| IBM | PowerVM Hypervisor | FW930 |
| IBM | PowerVM Hypervisor | FW940 |
| IBM | PowerVM Hypervisor | FW950 |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/198232 (VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/6475619 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
