CVE-2021-20505

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Powervm Hypervisor
Vendor: CVE Published:; 29 July 2021

Summary

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232

Affected Version(s)

PowerVM Hypervisor FW920

PowerVM Hypervisor FW930

PowerVM Hypervisor FW940

References

https://www.ibm.com/support/pages/node/6475619

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/198232

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 29, 2021
Vulnerability Reserved
Dec 17, 2020