Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1194245B11271C050A454086D93797D0C26FAC927E85006360931ED732D85640
HistoryMar 16, 2023 - 3:02 p.m.

Security Bulletin: Multiple Vulnerabilities in Intel Firmware affect Cloud Pak System

2023-03-1615:02:28
www.ibm.com
18
intel firmware
cloud pak system
vulnerabilities
firmware update
ibm cloud pak system
sn550
sr630
x3550

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

12.6%

JSON

Summary

Vulnerabilities in Intel firmware affect Cloud Pak System. Cloud Pak system nodes using Intel driver firmware recommended update.

Vulnerability Details

CVEID:CVE-2021-0197
**DESCRIPTION:**Intel Ethernet controllers are vulnerable to a denial of service, caused by a protection mechanism failure in the firmware. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213146 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVEID:CVE-2021-0198
**DESCRIPTION:**Intel Ethernet controllers are vulnerable to a denial of service, caused by improper access control in the firmware. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213149 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVEID:CVE-2021-0199
**DESCRIPTION:**Intel Ethernet controllers are vulnerable to a denial of service, caused by improper input validation in the firmware. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213151 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L)

CVEID:CVE-2021-0200
**DESCRIPTION:**Intel Ethernet controllers could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write flaw in the firmware. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213152 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak Systems v2.3
SN550 FW
SR630 FW
X3550 FW

Remediation/Fixes

Recommended solution for Cloud Pak System firmware update as reported in the table below.

Product System Node (s) Fix / FW Version(s)
IBM Cloud Pak System v2.3.3.6
SN550 FW 26.4
SR630 FW 26.4
X3550 FW 26.4

IBM Cloud Pak System firmware update available with Cloud Pak System 2.3.3.6.

IBM Cloud Pak System 2.3.3.6 also upgrade the ESXi component to ESXi P08.

For Cloud Pak System from 2.3, 2.3.0.1, v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 Interim Fix 1, v2.3.3.4, v2.3.3.5

upgrade to IBM Cloud Pak System V2.3.3.6 at Fix Central

Information on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_systemMatch2.3
VendorProductVersionCPE
ibmcloud_pak_system2.3cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*

Related

intel 1
hp 1
ibm 1
cve 4
prion 4
cvelist 4
nvd 4
intel
intel
Intel® Ethernet Advisory
2021-11-09 00:00:00
hp
hp
Intel® Ethernet November 2021 Security Update
2021-11-09 00:00:00
ibm
ibm
Security Bulletin: Intel Ethernet controllers as used in IBM QRadar SIEM are vulnerable to a denial of service (CVE-2021-0197, CVE-2021-0198, CVE-2021-0199, CVE-2021-0200)
2023-02-16 15:31:02
cve
cve
CVE-2021-0197
2021-11-17 20:15:09
CVE-2021-0200
2021-11-17 20:15:09
CVE-2021-0198
2021-11-17 20:15:09
prion
prion
Session fixation
2021-11-17 20:15:00
Cross site scripting
2021-11-17 20:15:00
Input validation
2021-11-17 20:15:00
cvelist
cvelist
CVE-2021-0197
2021-11-17 19:15:23
CVE-2021-0200
2021-11-17 19:14:27
CVE-2021-0199
2021-11-17 19:17:10
nvd
nvd
CVE-2021-0197
2021-11-17 20:15:09
CVE-2021-0200
2021-11-17 20:15:09
CVE-2021-0198
2021-11-17 20:15:09

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

12.6%

JSON
Related for 1194245B11271C050A454086D93797D0C26FAC927E85006360931ED732D85640
intel1hp1ibm1cve4prion4cvelist4nvd4