Vulnerabilities > CVE-2021-20505 - Unspecified vulnerability in IBM Powervm Hypervisor

CVSS 4.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

ibm

NVD

Published: 2021-07-29

Updated: 2024-11-21

Summary

The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic IBM X-Force ID: 198232

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM Powervm Hypervisor Fw930 IBM Powervm Hypervisor Fw940 IBM Powervm Hypervisor Fw950 IBM Powervm Hypervisor Fw920	4

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/198232
https://exchange.xforce.ibmcloud.com/vulnerabilities/198232
https://www.ibm.com/support/pages/node/6475619
https://www.ibm.com/support/pages/node/6475619