Lucene search

K
cveIbmCVE-2022-22374
HistoryMar 24, 2022 - 6:15 p.m.

CVE-2022-22374

2022-03-2418:15:08
ibm
web.nvd.nist.gov
85
bmc
ibm power 9
ac922
firmware
downgrade
vulnerability
nvd
cve-2022-22374

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:P/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

45.9%

The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442.

Affected configurations

Nvd
Vulners
Node
ibmpower_9_ac922_firmwareMatchop910
OR
ibmpower_9_ac922_firmwareMatchop920
OR
ibmpower_9_ac922_firmwareMatchop930
OR
ibmpower_9_ac922_firmwareMatchop940
AND
ibmpower_9_ac922Match-
VendorProductVersionCPE
ibmpower_9_ac922_firmwareop910cpe:2.3:o:ibm:power_9_ac922_firmware:op910:*:*:*:*:*:*:*
ibmpower_9_ac922_firmwareop920cpe:2.3:o:ibm:power_9_ac922_firmware:op920:*:*:*:*:*:*:*
ibmpower_9_ac922_firmwareop930cpe:2.3:o:ibm:power_9_ac922_firmware:op930:*:*:*:*:*:*:*
ibmpower_9_ac922_firmwareop940cpe:2.3:o:ibm:power_9_ac922_firmware:op940:*:*:*:*:*:*:*
ibmpower_9_ac922-cpe:2.3:h:ibm:power_9_ac922:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Power 9 AC922",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "OP910"
      },
      {
        "status": "affected",
        "version": "OP920"
      },
      {
        "status": "affected",
        "version": "OP930"
      },
      {
        "status": "affected",
        "version": "OP940"
      }
    ]
  }
]

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:P/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

45.9%

Related for CVE-2022-22374