CVE-2017-3765

Опубликовано: 10 янв. 2018

Источник: nvd

CVSS3: 7

CVSS2: 6.2

EPSS Низкий

Описание

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

Ссылки

http://www.securitytracker.com/id/1040296
Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-16095
Mitigation
Patch
Vendor Advisory
http://www.securitytracker.com/id/1040296
Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-16095
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:lenovo:enterprise_network_operating_system:*:*:*:*:*:*:*:*

Версия до 8.4.6.0 (исключая)

Одно из

cpe:2.3:h:lenovo:flex_system_fabric_cn4093_10gb_converged_scalable_switch:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system_fabric_en4093r_10gb_scalable_switch:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system_fabric_si4093_10gb_system_interconnect_module:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system_si4091_system_interconnect_module:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch_g7028:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch_g7052:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch_g8052:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch_g8124e:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch_g8264:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch_g8264cs:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch_g8272:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch_g8296:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch_g8332:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:lenovo:enterprise_network_operating_system:*:*:*:*:*:*:*:*

Версия до 8.4.6.0 (исключая)

Одно из

cpe:2.3:h:ibm:1g_l2-7_slb_switch_for_bladecenter:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter_1\:10g_uplink_ethernet_switch_module:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter_layer_2\/3_copper_ethernet_switch_module:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter_virtual_fabric_10gb_switch_module:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system_en2092_1gb_ethernet_scalable_switch:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system_fabric_cn4093_10gb_converged_scalable_switch:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system_fabric_en4093\/en4093r_10gb_scalable_switch:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system_fabric_si4093_10gb_system_interconnect_module:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch_g8052:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch_g8124:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch_g8124e:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch_g8264:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch_g8264cs:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch_g8264t:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch_g8316:-:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch_g8332:-:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00036

Низкий

7 High

CVSS3

6.2 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-6r95-2q8q-g3c2