CVE-2021-22887

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-22887

CWE

https://cwe.mitre.org/data/definitions/506.html

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.

Weakness

The product contains code that appears to be malicious in nature.

Affected Software

Name	Vendor	Start Version	End Version
Psa-5000_firmware	Pulsesecure	- (including)	- (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/442.html
https://cwe.mitre.org/data/definitions/448.html
https://cwe.mitre.org/data/definitions/636.html

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712
https://www.supermicro.com/en/support/security/Trickbot
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712
https://www.supermicro.com/en/support/security/Trickbot

Embedded Malicious Code

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References