CVE-2021-22887 — LOW (2.3) — White Hats Nepal

Q: How severe is CVE-2021-22887?

CVE-2021-22887 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-22887?

Check the references section above for vendor advisories and patch information. Affected products include: Pulsesecure Psa-5000 Firmware, Pulsesecure Psa-5000, Pulsesecure Psa-7000 Firmware, Pulsesecure Psa-7000, Supermicro X10Slh-F Firmware.

Vulnerability Description

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.

CVSS Score

2.3

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Pulsesecure	Psa-5000 Firmware	-
Pulsesecure	Psa-5000	-
Pulsesecure	Psa-7000 Firmware	-
Pulsesecure	Psa-7000	-
Supermicro	X10Slh-F Firmware	< 3.4
Supermicro	X10Slh-F	-
Supermicro	X10Sll-F Firmware	< 3.4
Supermicro	X10Sll-F	-
Supermicro	X10Slm-F Firmware	< 3.4
Supermicro	X10Slm-F	-
Supermicro	X10Sll\+F Firmware	< 3.4
Supermicro	X10Sll\+F	-
Supermicro	X10Slm\+-F Firmware	< 3.4
Supermicro	X10Slm\+-F	-
Supermicro	X10Slm\+Ln4F Firmware	< 3.4
Supermicro	X10Slm\+Ln4F	-
Supermicro	X10Sla-F Firmware	< 3.4
Supermicro	X10Sla-F	-
Supermicro	X10Sl7-F Firmware	< 3.4
Supermicro	X10Sl7-F	-

Related Weaknesses (CWE)

CWE-506

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712PatchVendor Advisory
https://www.supermicro.com/en/support/security/TrickbotThird Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712PatchVendor Advisory
https://www.supermicro.com/en/support/security/TrickbotThird Party Advisory

FAQ

What is CVE-2021-22887?

CVE-2021-22887 is a vulnerability with a CVSS score of 2.3 (LOW). A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an...

How severe is CVE-2021-22887?

CVE-2021-22887 has been rated LOW with a CVSS base score of 2.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22887?

Check the references section above for vendor advisories and patch information. Affected products include: Pulsesecure Psa-5000 Firmware, Pulsesecure Psa-5000, Pulsesecure Psa-7000 Firmware, Pulsesecure Psa-7000, Supermicro X10Slh-F Firmware.