CVE-2022-34331

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/229695	Broken Link VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6833632	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/229695	Broken Link VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6833632	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:powervm_hypervisor:fw950:::::::*
	cpe:2.3:o:ibm:powervm_hypervisor:fw1010:::::::*

History

21 Nov 2024, 07:09

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 5.5
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/229695 - Broken Link, VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/229695 - Broken Link, VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/6833632 - Vendor Advisory~~	() https://www.ibm.com/support/pages/node/6833632 - Vendor Advisory

07 Nov 2023, 03:48

Type	Values Removed	Values Added
Summary	After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.	After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.

Information

Published : 2022-11-11 18:15

Updated : 2024-11-21 07:09

NVD link : CVE-2022-34331

Mitre link : CVE-2022-34331

CVE.ORG link : CVE-2022-34331

JSON object : View

Products Affected

ibm

powervm_hypervisor

CWE

CWE-287

Improper Authentication

{"id": "CVE-2022-34331", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-11-11T18:15:09.767", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229695", "tags": ["Broken Link", "VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6833632", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229695", "tags": ["Broken Link", "VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6833632", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695."}, {"lang": "es", "value": "Despu\u00e9s de realizar una secuencia de operaciones de mantenimiento de Power FW950, FW1010, es posible que un adaptador de red SRIOV est\u00e9 configurado incorrectamente, lo que provocar\u00e1 que se desactive la configuraci\u00f3n VEPA deseada. ID de IBM X-Force: 229695."}], "lastModified": "2024-11-21T07:09:18.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:fw950:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84837FC8-545A-44B4-8144-F8DC8EBCB165"}, {"criteria": "cpe:2.3:o:ibm:powervm_hypervisor:fw1010:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A129D1C-318D-4755-8654-FC6BA978ADE0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}