Privilege Escalation in IBM Power9 Self Boot Engine
CVE-2021-20487
8 HIGH
Summary
A vulnerability in the IBM Power9 Self Boot Engine (SBE) allows a privileged user to inject malicious code and compromise the integrity of the host firmware by bypassing the firmware signature verification process. Organizations using IBM Power9 products should investigate and address this vulnerability to maintain secure operational environments.
Affected Version(s)
Power 9 Systems FW930
Power 9 Systems FW940
Power 9 Systems FW941
References
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved