Privilege Escalation in IBM Power9 Self Boot Engine
CVE-2021-20487

8 HIGH

Key Information:

Vendor: IBM
CVE Published: 26 May 2021

Summary

A vulnerability in the IBM Power9 Self Boot Engine (SBE) allows a privileged user to inject malicious code and compromise the integrity of the host firmware. The injection works by bypassing the host firmware signature verification process, which presents a significant risk to system security. Organizations using IBM Power9 products should investigate and address this vulnerability to maintain secure operational environments.

Affected Version(s)

Power 9 Systems FW930

Power 9 Systems FW940

Power 9 Systems FW941

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
