CVE-2021-22887
Last modified
CVE-2021-22887 is a low-severity vulnerability rated 2.3/10 on the CVSS scale. A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pulsesecure | Psa-5000 Firmware | All versions |
| Pulsesecure | Psa-7000 Firmware | All versions |
| Supermicro | X10slh-F Firmware | < 3.4 |
| Supermicro | X10sll-F Firmware | < 3.4 |
| Supermicro | X10slm-F Firmware | < 3.4 |
| Supermicro | X10sll+F Firmware | < 3.4 |
| Supermicro | X10slm+-F Firmware | < 3.4 |
| Supermicro | X10slm+Ln4f Firmware | < 3.4 |
| Supermicro | X10sla-F Firmware | < 3.4 |
| Supermicro | X10sl7-F Firmware | < 3.4 |
| Supermicro | X10sll-S Firmware | < 3.4 |
| Supermicro | X10sll-Sf Firmware | < 3.4 |
References
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712 (Patch, Vendor Advisory)
- https://www.supermicro.com/en/support/security/Trickbot (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
