CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
58.3%
A security problem for CVE-2022-34331 was addressed where switches configured to monitor network traffic for malicious activity are not effective because of errant adapter configuration changes. The misconfigured adapter can cause network traffic to flow directly between the VFs and not out the physical port hence bypassing any possible monitoring that could be configured in the switch. Packets may not be forwarded after a firmware update, or after certain error scenarios which require an adapter reset. Users configuring or using VEPA mode should install this update. These fixes pertain to adapters with the following Feature Codes and CCINs: #EC2R/EC2S with CCIN 58FA; #EC2T/EC2U with CCIN 58FB; and #EC66/EC67 with CCIN 2CF3. Update instructions: https://www.ibm.com/docs/en/power10?topic=updates-sr-iov-firmware-update
CVEID:CVE-2022-34331
**DESCRIPTION:**After performing a sequence of Power FW maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229695 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
PowerVM Hypervisor | FW1010 and later |
PowerVM Hypervisor | FW950 and later |
Customers with the products below should install FW950.50(950_105), FW1010.40(1010_146) or newer to remediate this concern.
Power 9
IBM Power System S922 (9009-22A, 9009-22G)
IBM Power System H922 (9223-22H, 9223-22S)
IBM Power System S914 (9009-41A, 9009-41G)
IBM Power System S924 (9009-42A, 9009-42G)
IBM Power System H924 (9223-42H, 9223-42S)
IBM Power System E950 (9040-MR9)
IBM Power System E980 (9080-M9S)
Power 10
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
58.3%