CVE-2021-20505 — MEDIUM (4.4)

Vulnerability Description

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Powervm Hypervisor	fw920

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/198232VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6475619Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/198232VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6475619Vendor Advisory

FAQ

What is CVE-2021-20505?

CVE-2021-20505 is a vulnerability with a CVSS score of 4.4 (MEDIUM). The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted...

How severe is CVE-2021-20505?

CVE-2021-20505 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20505?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Powervm Hypervisor.