CVE-2017-3765
First published: Wed Jan 10 2018(Updated: )
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Enterprise Network Operating System | <8.4.6.0 | |
| Lenovo Flex System Fabric Cn4093 10gb Converged Scalable Switch | ||
| Lenovo Flex System Fabric En4093r 10gb Scalable Switch | ||
| Lenovo Flex System Fabric Si4093 10gb System Interconnect Module | ||
| Lenovo Flex System Si4091 System Interconnect Module | ||
| Lenovo Rackswitch G7028 | ||
| Lenovo Rackswitch G7052 | ||
| Lenovo Rackswitch G8052 | ||
| Lenovo Rackswitch G8124e | ||
| Lenovo Rackswitch G8264 | ||
| Lenovo Rackswitch G8264cs | ||
| Lenovo Rackswitch G8272 | ||
| Lenovo Rackswitch G8296 | ||
| Lenovo Rackswitch G8332 | ||
| Ibm 1g L2-7 Slb Switch For Bladecenter | ||
| Ibm Bladecenter 1\ | =10g_uplink_ethernet_switch_module | |
| Ibm Bladecenter Layer 2\/3 Copper Ethernet Switch Module | ||
| Ibm Bladecenter Virtual Fabric 10gb Switch Module | ||
| Ibm Flex System En2092 1gb Ethernet Scalable Switch | ||
| Ibm Flex System Fabric Cn4093 10gb Converged Scalable Switch | ||
| Ibm Flex System Fabric En4093\/en4093r 10gb Scalable Switch | ||
| Ibm Flex System Fabric Si4093 10gb System Interconnect Module | ||
| Ibm Rackswitch G8052 | ||
| Ibm Rackswitch G8124 | ||
| Ibm Rackswitch G8124e | ||
| Ibm Rackswitch G8264 | ||
| Ibm Rackswitch G8264cs | ||
| Ibm Rackswitch G8264t | ||
| Ibm Rackswitch G8316 | ||
| Ibm Rackswitch G8332 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/type
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/lenovo
- canonical/lenovo enterprise network operating system
- canonical/lenovo flex system fabric cn4093 10gb converged scalable switch
- canonical/lenovo flex system fabric en4093r 10gb scalable switch
- canonical/lenovo flex system fabric si4093 10gb system interconnect module
- canonical/lenovo flex system si4091 system interconnect module
- canonical/lenovo rackswitch g7028
- canonical/lenovo rackswitch g7052
- canonical/lenovo rackswitch g8052
- canonical/lenovo rackswitch g8124e
- canonical/lenovo rackswitch g8264
- canonical/lenovo rackswitch g8264cs
- canonical/lenovo rackswitch g8272
- canonical/lenovo rackswitch g8296
- canonical/lenovo rackswitch g8332
- vendor/ibm
- canonical/ibm 1g l2-7 slb switch for bladecenter
- canonical/ibm bladecenter 1\
- version/ibm bladecenter 1\/10g_uplink_ethernet_switch_module
- canonical/ibm bladecenter layer 2\/3 copper ethernet switch module
- canonical/ibm bladecenter virtual fabric 10gb switch module
- canonical/ibm flex system en2092 1gb ethernet scalable switch
- canonical/ibm flex system fabric cn4093 10gb converged scalable switch
- canonical/ibm flex system fabric en4093\/en4093r 10gb scalable switch
- canonical/ibm flex system fabric si4093 10gb system interconnect module
- canonical/ibm rackswitch g8052
- canonical/ibm rackswitch g8124
- canonical/ibm rackswitch g8124e
- canonical/ibm rackswitch g8264
- canonical/ibm rackswitch g8264cs
- canonical/ibm rackswitch g8264t
- canonical/ibm rackswitch g8316
- canonical/ibm rackswitch g8332