Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-3765

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

Published

2018-01-10T18:29:01.383

Last Modified

2024-11-21T03:26:05.847

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.0 (HIGH)

CVSSv2 Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

1.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	enterprise_network_operating_system	< 8.4.6.0	Yes
Hardware	lenovo	flex_system_fabric_cn4093_10gb_converged_scalable_switch	-	No
Hardware	lenovo	flex_system_fabric_en4093r_10gb_scalable_switch	-	No
Hardware	lenovo	flex_system_fabric_si4093_10gb_system_interconnect_module	-	No
Hardware	lenovo	flex_system_si4091_system_interconnect_module	-	No
Hardware	lenovo	rackswitch_g7028	-	No
Hardware	lenovo	rackswitch_g7052	-	No
Hardware	lenovo	rackswitch_g8052	-	No
Hardware	lenovo	rackswitch_g8124e	-	No
Hardware	lenovo	rackswitch_g8264	-	No
Hardware	lenovo	rackswitch_g8264cs	-	No
Hardware	lenovo	rackswitch_g8272	-	No
Hardware	lenovo	rackswitch_g8296	-	No
Hardware	lenovo	rackswitch_g8332	-	No
Operating System	lenovo	enterprise_network_operating_system	< 8.4.6.0	Yes
Hardware	ibm	1g_l2-7_slb_switch_for_bladecenter	-	No
Hardware	ibm	bladecenter_1\	10g_uplink_ethernet_switch_module	No
Hardware	ibm	bladecenter_layer_2\/3_copper_ethernet_switch_module	-	No
Hardware	ibm	bladecenter_virtual_fabric_10gb_switch_module	-	No
Hardware	ibm	flex_system_en2092_1gb_ethernet_scalable_switch	-	No
Hardware	ibm	flex_system_fabric_cn4093_10gb_converged_scalable_switch	-	No
Hardware	ibm	flex_system_fabric_en4093\/en4093r_10gb_scalable_switch	-	No
Hardware	ibm	flex_system_fabric_si4093_10gb_system_interconnect_module	-	No
Hardware	ibm	rackswitch_g8052	-	No
Hardware	ibm	rackswitch_g8124	-	No
Hardware	ibm	rackswitch_g8124e	-	No
Hardware	ibm	rackswitch_g8264	-	No
Hardware	ibm	rackswitch_g8264cs	-	No
Hardware	ibm	rackswitch_g8264t	-	No
Hardware	ibm	rackswitch_g8316	-	No
Hardware	ibm	rackswitch_g8332	-	No

References

http://www.securitytracker.com/id/1040296 Third Party Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-16095 Mitigation, Patch, Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1040296 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/product_security/LEN-16095 Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)