CVE-2021-22887

LOW

Pulse Secure PSA5000/PSA7000 - Privilege Escalation

Title source: llm

Description

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.

References (2)

[Patch, Vendor Advisory] https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712

[Third Party Advisory] https://www.supermicro.com/en/support/security/Trickbot

Scores

CVSS v3 2.3

EPSS 0.0014

EPSS Percentile 33.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-506

Status published

Products (12)

pulsesecure/psa-5000_firmware

pulsesecure/psa-7000_firmware

supermicro/x10sl7-f_firmware < 3.4

supermicro/x10sla-f_firmware < 3.4

supermicro/x10slh-f_firmware < 3.4

supermicro/x10sll-f_firmware < 3.4

supermicro/x10sll-s_firmware < 3.4

supermicro/x10sll-sf_firmware < 3.4

supermicro/x10sll\+f_firmware < 3.4

supermicro/x10slm-f_firmware < 3.4

... and 2 more

Published Mar 16, 2021

Tracked Since Feb 18, 2026