CVE-2017-3765 — HIGH (7.0) — White Hats Nepal

Q: How severe is CVE-2017-3765?

CVE-2017-3765 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-3765?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Enterprise Network Operating System, Lenovo Flex System Fabric Cn4093 10Gb Converged Scalable Switch, Lenovo Flex System Fabric En4093R 10Gb Scalable Switch, Lenovo Flex System Fabric Si4093 10Gb System Interconnect Module, Lenovo Flex System Si4091 System Interconnect Module.

Vulnerability Description

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

CVSS Score

7.0

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Enterprise Network Operating System	< 8.4.6.0
Lenovo	Flex System Fabric Cn4093 10Gb Converged Scalable Switch	-
Lenovo	Flex System Fabric En4093R 10Gb Scalable Switch	-
Lenovo	Flex System Fabric Si4093 10Gb System Interconnect Module	-
Lenovo	Flex System Si4091 System Interconnect Module	-
Lenovo	Rackswitch G7028	-
Lenovo	Rackswitch G7052	-
Lenovo	Rackswitch G8052	-
Lenovo	Rackswitch G8124E	-
Lenovo	Rackswitch G8264	-
Lenovo	Rackswitch G8264Cs	-
Lenovo	Rackswitch G8272	-
Lenovo	Rackswitch G8296	-
Lenovo	Rackswitch G8332	-
Ibm	1G L2-7 Slb Switch For Bladecenter	-
Ibm	Bladecenter 1\	10g_uplink_ethernet_switch_module
Ibm	Bladecenter Layer 2\/3 Copper Ethernet Switch Module	-
Ibm	Bladecenter Virtual Fabric 10Gb Switch Module	-
Ibm	Flex System En2092 1Gb Ethernet Scalable Switch	-
Ibm	Flex System Fabric Cn4093 10Gb Converged Scalable Switch	-

Related Weaknesses (CWE)

CWE-287

References

http://www.securitytracker.com/id/1040296Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-16095MitigationPatchVendor Advisory
http://www.securitytracker.com/id/1040296Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-16095MitigationPatchVendor Advisory

FAQ

What is CVE-2017-3765?

CVE-2017-3765 is a vulnerability with a CVSS score of 7.0 (HIGH). In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in...

How severe is CVE-2017-3765?

CVE-2017-3765 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-3765?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Enterprise Network Operating System, Lenovo Flex System Fabric Cn4093 10Gb Converged Scalable Switch, Lenovo Flex System Fabric En4093R 10Gb Scalable Switch, Lenovo Flex System Fabric Si4093 10Gb System Interconnect Module, Lenovo Flex System Si4091 System Interconnect Module.