Lucene search

IbmCVELIST:CVE-2022-22309

HistoryMay 24, 2022 - 4:20 p.m.

CVE-2022-22309

2022-05-2416:20:18

ibm

www.cve.org

power systems

fsp

unauthenticated logins

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

21.6%

JSON

The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095.

CNA Affected

[
  {
    "product": "Power System S922 Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "FW940"
      },
      {
        "status": "affected",
        "version": "FW950"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/217095

www.ibm.com/support/pages/node/6589099

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

21.6%

JSON

Related for CVELIST:CVE-2022-22309