Vulnerability Description
IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware, bypassing the host firmware signature verification process.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Power9 System Firmware | >= fw930.00, < fw930.30 |
| IBM | 9008-22L | - |
| IBM | 9009-22A | - |
| IBM | 9009-41A | - |
| IBM | 9009-42A | - |
| IBM | 9040-MR9 | - |
| IBM | 9080-M9S | - |
| IBM | 9223-22H | - |
| IBM | 9223-42H | - |
| IBM | 9009-22G | - |
| IBM | 9009-41G | - |
| IBM | 9009-42G | - |
| IBM | 9223-22S | - |
| IBM | 9223-42S | - |
| IBM | Scale-Out LC System Firmware | < op940.20 |
| IBM | 8335-GTH | - |
| IBM | 8335-GTX | - |
| IBM | 9183-22X | - |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/197730 (VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/6455911 (Vendor Advisory)
FAQ
What is CVE-2021-20487?
CVE-2021-20487 is a vulnerability with a CVSS score of 9.1 (CRITICAL). IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware, bypassing the host firmware signature verification process.
How severe is CVE-2021-20487?
CVE-2021-20487 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-20487?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Power9 System Firmware, IBM 9008-22L, IBM 9009-22A, IBM 9009-41A, IBM 9009-42A.