CVE-2021-22887

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.3 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
pulsesecurepsa-5000_firmware
-
pulsesecurepsa-7000_firmware
-
supermicrox10slh-f_firmware
𝑥
< 3.4
supermicrox10sll-f_firmware
𝑥
< 3.4
supermicrox10slm-f_firmware
𝑥
< 3.4
supermicrox10sll\+f_firmware
𝑥
< 3.4
supermicrox10slm\+-f_firmware
𝑥
< 3.4
supermicrox10slm\+ln4f_firmware
𝑥
< 3.4
supermicrox10sla-f_firmware
𝑥
< 3.4
supermicrox10sl7-f_firmware
𝑥
< 3.4
supermicrox10sll-s_firmware
𝑥
< 3.4
supermicrox10sll-sf_firmware
𝑥
< 3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712
https://www.supermicro.com/en/support/security/Trickbot
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712
https://www.supermicro.com/en/support/security/Trickbot