Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2017-3765
Analyzed
More InfoOfficial Page
Source-psirt@lenovo.com
View Known Exploited Vulnerability (KEV) details
Published At-10 Jan, 2018 | 18:29
Updated At-06 Feb, 2018 | 14:12

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.0HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.2MEDIUM
AV:L/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
Lenovo Group Limited
lenovo
>>enterprise_network_operating_system>>Versions before 8.4.6.0(exclusive)
cpe:2.3:o:lenovo:enterprise_network_operating_system:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>flex_system_fabric_cn4093_10gb_converged_scalable_switch>>-
cpe:2.3:h:lenovo:flex_system_fabric_cn4093_10gb_converged_scalable_switch:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>flex_system_fabric_en4093r_10gb_scalable_switch>>-
cpe:2.3:h:lenovo:flex_system_fabric_en4093r_10gb_scalable_switch:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>flex_system_fabric_si4093_10gb_system_interconnect_module>>-
cpe:2.3:h:lenovo:flex_system_fabric_si4093_10gb_system_interconnect_module:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>flex_system_si4091_system_interconnect_module>>-
cpe:2.3:h:lenovo:flex_system_si4091_system_interconnect_module:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>rackswitch_g7028>>-
cpe:2.3:h:lenovo:rackswitch_g7028:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>rackswitch_g7052>>-
cpe:2.3:h:lenovo:rackswitch_g7052:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>rackswitch_g8052>>-
cpe:2.3:h:lenovo:rackswitch_g8052:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>rackswitch_g8124e>>-
cpe:2.3:h:lenovo:rackswitch_g8124e:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>rackswitch_g8264>>-
cpe:2.3:h:lenovo:rackswitch_g8264:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>rackswitch_g8264cs>>-
cpe:2.3:h:lenovo:rackswitch_g8264cs:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>rackswitch_g8272>>-
cpe:2.3:h:lenovo:rackswitch_g8272:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>rackswitch_g8296>>-
cpe:2.3:h:lenovo:rackswitch_g8296:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>rackswitch_g8332>>-
cpe:2.3:h:lenovo:rackswitch_g8332:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>enterprise_network_operating_system>>Versions before 8.4.6.0(exclusive)
cpe:2.3:o:lenovo:enterprise_network_operating_system:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>1g_l2-7_slb_switch_for_bladecenter>>-
cpe:2.3:h:ibm:1g_l2-7_slb_switch_for_bladecenter:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>bladecenter_1\>>10g_uplink_ethernet_switch_module
cpe:2.3:h:ibm:bladecenter_1\:10g_uplink_ethernet_switch_module:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>bladecenter_layer_2\/3_copper_ethernet_switch_module>>-
cpe:2.3:h:ibm:bladecenter_layer_2\/3_copper_ethernet_switch_module:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>bladecenter_virtual_fabric_10gb_switch_module>>-
cpe:2.3:h:ibm:bladecenter_virtual_fabric_10gb_switch_module:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>flex_system_en2092_1gb_ethernet_scalable_switch>>-
cpe:2.3:h:ibm:flex_system_en2092_1gb_ethernet_scalable_switch:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>flex_system_fabric_cn4093_10gb_converged_scalable_switch>>-
cpe:2.3:h:ibm:flex_system_fabric_cn4093_10gb_converged_scalable_switch:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>flex_system_fabric_en4093\/en4093r_10gb_scalable_switch>>-
cpe:2.3:h:ibm:flex_system_fabric_en4093\/en4093r_10gb_scalable_switch:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>flex_system_fabric_si4093_10gb_system_interconnect_module>>-
cpe:2.3:h:ibm:flex_system_fabric_si4093_10gb_system_interconnect_module:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rackswitch_g8052>>-
cpe:2.3:h:ibm:rackswitch_g8052:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rackswitch_g8124>>-
cpe:2.3:h:ibm:rackswitch_g8124:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rackswitch_g8124e>>-
cpe:2.3:h:ibm:rackswitch_g8124e:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rackswitch_g8264>>-
cpe:2.3:h:ibm:rackswitch_g8264:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rackswitch_g8264cs>>-
cpe:2.3:h:ibm:rackswitch_g8264cs:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rackswitch_g8264t>>-
cpe:2.3:h:ibm:rackswitch_g8264t:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rackswitch_g8316>>-
cpe:2.3:h:ibm:rackswitch_g8316:-:*:*:*:*:*:*:*
IBM Corporation
ibm
>>rackswitch_g8332>>-
cpe:2.3:h:ibm:rackswitch_g8332:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securitytracker.com/id/1040296psirt@lenovo.com
Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-16095psirt@lenovo.com
Mitigation
Patch
Vendor Advisory
Change History
0Changes found
Details not found