CVE-2017-3752 — HIGH (8.2) — White Hats Nepal

Q: How severe is CVE-2017-3752?

CVE-2017-3752 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-3752?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm 1G L2-7 Slb, Ibm Flex System, Ibm 1\, Ibm Bladecenter, Ibm Layer 2\/3 Copper Firmware.

Vulnerability Description

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

CVSS Score

8.2

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ibm	1G L2-7 Slb	<= 21.0.24.0
Ibm	Flex System	-
Ibm	1\	<= 7.4.16.0, 10g_firmware
Ibm	Bladecenter	-
Ibm	Layer 2\/3 Copper Firmware	<= 5.3.10.0
Ibm	Virtual Fabric 10Gb	<= 7.8.12.0
Ibm	En2092 1Gb Firmware	<= 7.8.16.0
Ibm	Fabric Cn4093 10Gb Firmware	<= 7.8.16.0
Ibm	Fabric En4093\/En4093R 10Gb Firmware	<= 7.8.16.0
Ibm	G8052 Firmware	<= 7.9.19.0
Ibm	Rackswitch	-
Ibm	G8124 Firmware	<= 7.11.9.0
Ibm	G8124E Firmware	<= 7.11.9.0
Ibm	G8264 Firmware	<= 7.9.19.0
Ibm	G8264Cs Firmware	<= 7.8.16.0
Ibm	G8264T Firmware	<= 7.9.19.0
Ibm	G8316 Firmware	<= 7.9.19.0
Ibm	G8332 Firmware	<= 7.7.25.0
Lenovo	Fabric Cn4093 10Gb Firmware	<= 8.4.3.0
Lenovo	Flex System	-

Related Weaknesses (CWE)

CWE-20

References

http://www.securityfocus.com/bid/99995Third Party AdvisoryVDB Entry
https://support.lenovo.com/us/en/product_security/LEN-14078Vendor Advisory
http://www.securityfocus.com/bid/99995Third Party AdvisoryVDB Entry
https://support.lenovo.com/us/en/product_security/LEN-14078Vendor Advisory

FAQ

What is CVE-2017-3752?

CVE-2017-3752 is a vulnerability with a CVSS score of 8.2 (HIGH). An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaw...

How severe is CVE-2017-3752?

CVE-2017-3752 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-3752?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm 1G L2-7 Slb, Ibm Flex System, Ibm 1\, Ibm Bladecenter, Ibm Layer 2\/3 Copper Firmware.