Vulnerability Details: CVE-2021-20505
The PowerVM Logical Partition Mobility (LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP, they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic. IBM X-Force ID: 198232
Products affected by CVE-2021-20505
- cpe:2.3:o:ibm:powervm_hypervisor:fw920:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:powervm_hypervisor:fw930:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:powervm_hypervisor:fw940:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:powervm_hypervisor:fw950:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20505
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~8% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-20505
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | NIST | |
4.4 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.7 | 3.6 | IBM Corporation | |
4.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.7 | 3.6 | NIST | |
References for CVE-2021-20505
- https://exchange.xforce.ibmcloud.com/vulnerabilities/198232
  IBM Power System information disclosure CVE-2021-20505 Vulnerability Report (VDB Entry; Vendor Advisory)
- https://www.ibm.com/support/pages/node/6475619
  Security Bulletin: This Power System update is being released to address CVE 2021-20505 (Vendor Advisory)