CVE-2022-34331

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/229695	Broken Link VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6833632	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:powervm_hypervisor:fw950:::::::*
	cpe:2.3:o:ibm:powervm_hypervisor:fw1010:::::::*

History

No history.

Information

Published : 2022-11-11 18:15

Updated : 2023-11-07 03:48

NVD link : CVE-2022-34331

Mitre link : CVE-2022-34331

CVE.ORG link : CVE-2022-34331

JSON object : View

Products Affected

ibm

powervm_hypervisor

CWE

CWE-287

Improper Authentication

{"id": "CVE-2022-34331", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.3}]}, "published": "2022-11-11T18:15:09.767", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229695", "tags": ["Broken Link", "VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6833632", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695."}, {"lang": "es", "value": "Despu\u00e9s de realizar una secuencia de operaciones de mantenimiento de Power FW950, FW1010, es posible que un adaptador de red SRIOV est\u00e9 configurado incorrectamente, lo que provocar\u00e1 que se desactive la configuraci\u00f3n VEPA deseada. ID de IBM X-Force: 229695."}], "lastModified": "2023-11-07T03:48:32.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:fw950:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84837FC8-545A-44B4-8144-F8DC8EBCB165"}, {"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:fw1010:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A129D1C-318D-4755-8654-FC6BA978ADE0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}