-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6332
   IBM QRadar SIEM Appliances could be vulnerable to multiple Intel CVEs
                              6 December 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Resolution:        None
CVE Names:         CVE-2021-33120 CVE-2021-0156 CVE-2021-0145
                   CVE-2021-0127 CVE-2021-0125 CVE-2021-0124
                   CVE-2021-0119 CVE-2021-0118 CVE-2021-0117
                   CVE-2021-0116 CVE-2021-0115 CVE-2021-0114
                   CVE-2021-0111 CVE-2021-0107 CVE-2021-0103
                   CVE-2021-0099 CVE-2021-0093 CVE-2021-0092
                   CVE-2021-0091  

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6845359

Comment: CVSS (Max):  8.2 CVE-2021-0103 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM QRadar SIEM Appliances could be vulnerable to multiple Intel CVEs

Document Information

Document number    : 6845359
Modified date      : 05 December 2022
Product            : IBM Security QRadar SIEM
Software version   : 7.5, 7.4
Operating system(s): Linux

Summary

IBM QRadar SIEM Appliances could be vulnerable to multiple Intel CVEs. IBM has
addressed the relevant CVEs.

Vulnerability Details

CVEID:   CVE-2021-0091
DESCRIPTION:   Intel Processors could allow a local attacker to gain elevated
privileges on the system, caused by improper access control in the firmware. By
executing a specially-crafted program, an attacker could exploit this
vulnerability to escalate privileges.
CVSS Base score: 3.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219044
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)

CVEID:   CVE-2021-0092
DESCRIPTION:   Intel Processors are vulnerable to a denial of service, caused
by improper access control in the firmware. By executing a specially-crafted
program, a local authenticated attacker could exploit this vulnerability to
cause a denial of service.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219043
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVEID:   CVE-2021-0093
DESCRIPTION:   Intel Processors are vulnerable to a denial of service, caused
by incorrect default permissions in the firmware. By executing a
specially-crafted program, a local authenticated attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base score: 2.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219042
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-0099
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by insufficient control flow
management in the firmware. By executing a specially-crafted program, an
attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219079
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID:   CVE-2021-0103
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by insufficient control flow
management in the firmware. By executing a specially-crafted program, an
attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219078
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:   CVE-2021-0107
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by an unchecked return value in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219041
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID:   CVE-2021-0111
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by a NULL pointer dereference in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219040
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID:   CVE-2021-0114
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by an unchecked return value in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219077
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID:   CVE-2021-0115
DESCRIPTION:   Intel Processors are vulnerable to a buffer overflow, caused by
improper bounds checking by the firmware. By executing a specially-crafted
program, a local authenticated attacker could overflow a buffer and escalate
privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219076
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID:   CVE-2021-0116
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by an out-of-bounds write in the
firmware. By executing a specially-crafted program, an attacker could exploit
this vulnerability to escalate privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219075
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID:   CVE-2021-0117
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by pointer issues in the
firmware. By executing a specially-crafted program, an attacker could exploit
this vulnerability to escalate privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219074
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID:   CVE-2021-0118
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by an out-of-bounds read in the
firmware. By executing a specially-crafted program, an attacker could exploit
this vulnerability to escalate privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219073
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID:   CVE-2021-0119
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by improper initialization in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219039
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)

CVEID:   CVE-2021-0124
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by improper access control in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219038
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H)

CVEID:   CVE-2021-0125
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by improper initialization in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219027
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L)

CVEID:   CVE-2021-0156
DESCRIPTION:   Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by improper input validation in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219072
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:   CVE-2021-0127
DESCRIPTION:   Intel processors are vulnerable to a denial of service, caused
by insufficient control flow management. A local authenticated attacker could
exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219024
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H)

CVEID:   CVE-2021-0145
DESCRIPTION:   Intel processors could allow a local authenticated attacker to
obtain sensitive information, caused by improper initialization of shared
resources. An attacker could exploit this vulnerability to obtain sensitive
information and use this information to launch further attacks against the
affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219023
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID:   CVE-2021-33120
DESCRIPTION:   Intel Atom Processors could allow a local authenticated attacker
to obtain sensitive information, caused by an out-of-bounds read. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
obtain sensitive information.
CVSS Base score: 3.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219098
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L)

Affected Products and Versions


All M6 Firmware versions before 7.1.0

All M5 Firmware versions before 9.0.0


Remediation/Fixes

M6

+-------------------+----------+------------+
|Affected Product(s)|Version(s)|Firmware    |
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.4       |M6 7.6.1 ISO|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.4       |M6 7.6.1 USB|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.5       |M6 7.6.1 ISO|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.5       |M6 7.6.1 USB|
+-------------------+----------+------------+

M5

+-------------------+----------+------------+
|Affected Product(s)|Version(s)|Firmware    |
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.4       |M5 9.0.0 ISO|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.4       |M5 9.0.0 USB|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.5       |M5 9.0.0 ISO|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.5       |M5 9.0.0 USB|
+-------------------+----------+------------+

Workarounds and Mitigations

None


Change History

23 Nov 2022: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----