Vulnerability Details : CVE-2021-22887
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.
Products affected by CVE-2021-22887
- cpe:2.3:o:supermicro:x10sl7-f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:supermicro:x10sla-f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:supermicro:x10slh-f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:supermicro:x10sll-f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:supermicro:x10sll-sf_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:supermicro:x10sll-s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:supermicro:x10slm-f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:supermicro:x10slm\+-f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:supermicro:x10sll\+f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:supermicro:x10slm\+ln4f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:pulsesecure:psa-5000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:pulsesecure:psa-7000_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-22887
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~10% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-22887
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N | 3.9 | 2.9 | NIST | |
2.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N | 0.8 | 1.4 | NIST | |
CWE ids for CVE-2021-22887
- The product contains code that appears to be malicious in nature. Assigned by: support@hackerone.com (Secondary)
References for CVE-2021-22887
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712
  Pulse Security Advisory: SA44712 - 2021-02: Out-of-Cycle Advisory: Pulse Secure response to BIOS Trickboot Vulnerability (Patch; Vendor Advisory)
- https://www.supermicro.com/en/support/security/Trickbot
  Supermicro’s response to Trickboot vulnerability, March 2021 | Supermicro (Third Party Advisory)