===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6332
   IBM QRadar SIEM Appliances could be vulnerable to multiple Intel CVEs
                              6 December 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Resolution:        None
CVE Names:         CVE-2021-33120 CVE-2021-0156 CVE-2021-0145
                   CVE-2021-0127 CVE-2021-0125 CVE-2021-0124
                   CVE-2021-0119 CVE-2021-0118 CVE-2021-0117
                   CVE-2021-0116 CVE-2021-0115 CVE-2021-0114
                   CVE-2021-0111 CVE-2021-0107 CVE-2021-0103
                   CVE-2021-0099 CVE-2021-0093 CVE-2021-0092
                   CVE-2021-0091

Original Bulletin:
   https://www.ibm.com/support/pages/node/6845359

Comment: CVSS (Max):  8.2 CVE-2021-0103 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

IBM QRadar SIEM Appliances could be vulnerable to multiple Intel CVEs

Document Information

Document number    : 6845359
Modified date      : 05 December 2022
Product            : IBM Security QRadar SIEM
Software version   : 7.5, 7.4
Operating system(s): Linux

Summary

IBM QRadar SIEM Appliances could be vulnerable to multiple Intel CVEs. IBM has
addressed the relevant CVEs.

Vulnerability Details

CVEID: CVE-2021-0091
DESCRIPTION: Intel Processors could allow a local attacker to gain elevated
privileges on the system, caused by improper access control in the firmware. By
executing a specially-crafted program, an attacker could exploit this
vulnerability to escalate privileges.
CVSS Base score: 3.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219044
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)

CVEID: CVE-2021-0092
DESCRIPTION: Intel Processors are vulnerable to a denial of service, caused by
improper access control in the firmware. By executing a specially-crafted
program, a local authenticated attacker could exploit this vulnerability to
cause a denial of service.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219043
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVEID: CVE-2021-0093
DESCRIPTION: Intel Processors are vulnerable to a denial of service, caused by
incorrect default permissions in the firmware. By executing a specially-crafted
program, a local authenticated attacker could exploit this vulnerability to
cause a denial of service.
CVSS Base score: 2.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219042
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2021-0099
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by insufficient control flow
management in the firmware. By executing a specially-crafted program, an
attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219079
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2021-0103
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by insufficient control flow
management in the firmware. By executing a specially-crafted program, an
attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219078
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2021-0107
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by unchecked return value in the
firmware. By executing a specially-crafted program, an attacker could exploit
this vulnerability to escalate privileges.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219041
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID: CVE-2021-0111
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by a NULL pointer dereference in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219040
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID: CVE-2021-0114
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by an unchecked return value in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219077
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID: CVE-2021-0115
DESCRIPTION: Intel Processors are vulnerable to a buffer overflow, caused by
improper bounds checking by the firmware. By executing a specially-crafted
program, a local authenticated attacker could overflow a buffer and escalate
privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219076
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID: CVE-2021-0116
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by an out-of-bounds write in the
firmware. By executing a specially-crafted program, an attacker could exploit
this vulnerability to escalate privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219075
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID: CVE-2021-0117
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by pointer issues in the
firmware. By executing a specially-crafted program, an attacker could exploit
this vulnerability to escalate privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219074
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID: CVE-2021-0118
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by an out-of-bounds read in the
firmware. By executing a specially-crafted program, an attacker could exploit
this vulnerability to escalate privileges.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219073
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)

CVEID: CVE-2021-0119
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by improper initialization in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219039
for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L)

CVEID: CVE-2021-0124
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by improper access control in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219038
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H)

CVEID: CVE-2021-0125
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by improper initialization in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219027
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L)

CVEID: CVE-2021-0156
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
gain elevated privileges on the system, caused by improper input validation in
the firmware. By executing a specially-crafted program, an attacker could
exploit this vulnerability to escalate privileges.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219072
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2021-0127
DESCRIPTION: Intel processors are vulnerable to a denial of service, caused by
insufficient control flow management. A local authenticated attacker could
exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219024
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H)

CVEID: CVE-2021-0145
DESCRIPTION: Intel processors could allow a local authenticated attacker to
obtain sensitive information, caused by improper initialization of shared
resources. An attacker could exploit this vulnerability to obtain sensitive
information and use this information to launch further attacks against the
affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219023
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2021-33120
DESCRIPTION: Intel Atom Processors could allow a local authenticated attacker
to obtain sensitive information, caused by an out-of-bounds read. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
obtain sensitive information.
CVSS Base score: 3.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219098
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L)

Affected Products and Versions

All M6 Firmware versions before 7.1.0
All M5 Firmware versions before 9.0.0

Remediation/Fixes

M6

+-------------------+----------+------------+
|Affected Product(s)|Version(s)|Firmware    |
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.4       |M6 7.6.1 ISO|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.4       |M6 7.6.1 USB|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.5       |M6 7.6.1 ISO|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.5       |M6 7.6.1 USB|
+-------------------+----------+------------+

M5

+-------------------+----------+------------+
|Affected Product(s)|Version(s)|Firmware    |
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.4       |M5 9.0.0 ISO|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.4       |M5 9.0.0 USB|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.5       |M5 9.0.0 ISO|
+-------------------+----------+------------+
|IBM QRadar SIEM    |7.5       |M5 9.0.0 USB|
+-------------------+----------+------------+

Workarounds and Mitigations

None

Change History

23 Nov 2022: Initial Publication

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.