CVE-2017-3765

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lenovo:enterprise_network_operating_system:*:*:*:*:*:*:*:*
OR cpe:2.3:h:lenovo:flex_system_fabric_cn4093_10gb_converged_scalable_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_fabric_en4093r_10gb_scalable_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_fabric_si4093_10gb_system_interconnect_module:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_si4091_system_interconnect_module:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rackswitch_g7028:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rackswitch_g7052:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rackswitch_g8052:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rackswitch_g8124e:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rackswitch_g8264:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rackswitch_g8264cs:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rackswitch_g8272:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rackswitch_g8296:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rackswitch_g8332:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lenovo:enterprise_network_operating_system:*:*:*:*:*:*:*:*
OR cpe:2.3:h:ibm:1g_l2-7_slb_switch_for_bladecenter:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:bladecenter_1\:10g_uplink_ethernet_switch_module:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:bladecenter_layer_2\/3_copper_ethernet_switch_module:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:bladecenter_virtual_fabric_10gb_switch_module:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_en2092_1gb_ethernet_scalable_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_fabric_cn4093_10gb_converged_scalable_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_fabric_en4093\/en4093r_10gb_scalable_switch:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:flex_system_fabric_si4093_10gb_system_interconnect_module:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:rackswitch_g8052:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:rackswitch_g8124:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:rackswitch_g8124e:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:rackswitch_g8264:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:rackswitch_g8264cs:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:rackswitch_g8264t:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:rackswitch_g8316:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:rackswitch_g8332:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:26

Type Values Removed Values Added
References () http://www.securitytracker.com/id/1040296 - Third Party Advisory () http://www.securitytracker.com/id/1040296 - Third Party Advisory
References () https://support.lenovo.com/us/en/product_security/LEN-16095 - Mitigation, Patch, Vendor Advisory () https://support.lenovo.com/us/en/product_security/LEN-16095 - Mitigation, Patch, Vendor Advisory

Information

Published : 2018-01-10 18:29

Updated : 2024-11-21 03:26


NVD link : CVE-2017-3765

Mitre link : CVE-2017-3765

CVE.ORG link : CVE-2017-3765


JSON object : View

Products Affected

ibm

  • rackswitch_g8264cs
  • flex_system_fabric_cn4093_10gb_converged_scalable_switch
  • rackswitch_g8264t
  • flex_system_fabric_si4093_10gb_system_interconnect_module
  • rackswitch_g8124e
  • rackswitch_g8264
  • bladecenter_layer_2\/3_copper_ethernet_switch_module
  • rackswitch_g8316
  • 1g_l2-7_slb_switch_for_bladecenter
  • bladecenter_1\
  • rackswitch_g8052
  • flex_system_en2092_1gb_ethernet_scalable_switch
  • rackswitch_g8332
  • flex_system_fabric_en4093\/en4093r_10gb_scalable_switch
  • bladecenter_virtual_fabric_10gb_switch_module
  • rackswitch_g8124

lenovo

  • rackswitch_g7028
  • rackswitch_g7052
  • rackswitch_g8052
  • rackswitch_g8332
  • enterprise_network_operating_system
  • rackswitch_g8272
  • rackswitch_g8264cs
  • flex_system_fabric_cn4093_10gb_converged_scalable_switch
  • rackswitch_g8296
  • flex_system_fabric_si4093_10gb_system_interconnect_module
  • rackswitch_g8124e
  • flex_system_fabric_en4093r_10gb_scalable_switch
  • flex_system_si4091_system_interconnect_module
  • rackswitch_g8264
CWE
CWE-287

Improper Authentication