high
7
CWE
287
Advisory Published
Updated

CVE-2017-3765

First published: Wed Jan 10 2018(Updated: )

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo Enterprise Network Operating System<8.4.6.0
IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch
IBM Flex System Fabric EN4093/EN4093R 10Gb Scalable Switch
IBM Flex System Fabric Si4093 10Gb System Interconnect Module
Lenovo Flex System Si4091 System Interconnect Module
Lenovo Rackswitch G7028
Lenovo Rackswitch G7052
Lenovo Rackswitch G8052
Lenovo Rackswitch G8124e
Lenovo Rackswitch G8264
IBM RackSwitch G8264CS
Lenovo Rackswitch G8272
Lenovo Rackswitch G8296
Lenovo Rackswitch G8332
IBM BladeCenter 1G L2-7 SLB
IBM BladeCenter=10g_uplink_ethernet_switch_module
IBM BladeCenter Layer 2/3 Copper Ethernet Switch Module
IBM Virtual Fabric 10Gb
IBM EN2092 1GB Firmware
Lenovo Flex System Fabric Cn4093 10gb Converged Scalable Switch
IBM Flex System Fabric EN4093/EN4093R 10Gb Scalable Switch
Lenovo Flex System Fabric Si4093 10gb System Interconnect Module
IBM RackSwitch G8052
IBM RackSwitch G8124e
IBM RackSwitch G8124-E
IBM RackSwitch G8264
Lenovo Rackswitch G8264cs
IBM RackSwitch G8264-T
IBM RackSwitch G8316
IBM RackSwitch G8332

Remedy

https://support.lenovo.com/us/en/product_security/LEN-16095

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2017-3765?

    CVE-2017-3765 is classified as a high severity vulnerability due to its potential for authentication bypass.

  • How do I fix CVE-2017-3765?

    To mitigate CVE-2017-3765, apply the latest firmware updates provided by Lenovo for affected devices.

  • Which products are affected by CVE-2017-3765?

    CVE-2017-3765 affects Lenovo and IBM RackSwitch and BladeCenter products running certain versions of the Enterprise Networking Operating System.

  • What is the nature of the vulnerability in CVE-2017-3765?

    CVE-2017-3765 involves an authentication bypass vulnerability that can be exploited through various interfaces like Telnet and SSH.

  • Can CVE-2017-3765 be exploited remotely?

    Yes, CVE-2017-3765 can potentially be exploited remotely due to its accessibility through network interfaces.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203