A vulnerability was found in IBM PowerVM Hypervisor FW920, PowerVM Hypervisor FW930, PowerVM Hypervisor FW940, PowerVM Hypervisor and PowerVM Hypervisor FW950 and classified as problematic. Affected by this issue is an unknown code block of the component LPM Traffic Handler. Upgrading eliminates this vulnerability.
Description
The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232.
| CVE-ID |
CVE-2021-20505 |
|---|---|
| Risk Score | 4.4 |
| Severity rating: | MEDIUM |
| CVSS Vector: | AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
| Vendor | IBM |
| Remote Access | Yes |
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| PowerVM Hypervisor | FW920 |
| PowerVM Hypervisor | FW930 |
| PowerVM Hypervisor | FW940 |
| PowerVM Hypervisor | FW950 |
Basic Matrices
| Attack Vector: | Network |
| Attack Complexity: | High |
| Privileges Required: | High |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality Impact: | HIGH |
| Integrity Impact: | None |
| Availability Impact: | None |
| CWE: | CWE-310 |
Mitigation
Upgrade to eliminate this problem
