Description
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712
Third Party Advisory x_refsource_misc
https://www.supermicro.com/en/support/security/Trickbot
Scores
CVSS v3
2.3
EPSS
0.0025
EPSS Percentile
15.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-506
Status
published
Products (12)
pulsesecure/psa-5000_firmware
pulsesecure/psa-7000_firmware
supermicro/x10sl7-f_firmware
< 3.4
supermicro/x10sla-f_firmware
< 3.4
supermicro/x10slh-f_firmware
< 3.4
supermicro/x10sll-f_firmware
< 3.4
supermicro/x10sll-s_firmware
< 3.4
supermicro/x10sll-sf_firmware
< 3.4
supermicro/x10sll\+f_firmware
< 3.4
supermicro/x10slm-f_firmware
< 3.4
... and 2 more
Published
Mar 16, 2021
Tracked Since
Feb 18, 2026