CVE-2017-3765

CVSS V2 Medium 6.2 CVSS V3 High 7

Description

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

Overview

CVE ID
CVE-2017-3765

Assigner
psirt@lenovo.com

Vulnerability Status
Analyzed

Published Version
2018-01-10T18:29:01

Last Modified Date
2018-02-06T14:12:49

Weakness Enumerations

CWE	URL
CWE-287	http://cwe.mitre.org/data/definitions/287.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:lenovo:enterprise_network_operating_system::::::::	1	OR	8.4.6.0
cpe:2.3:h:lenovo:flex_system_fabric_cn4093_10gb_converged_scalable_switch:-:::::::*	0	OR
cpe:2.3:h:lenovo:flex_system_fabric_en4093r_10gb_scalable_switch:-:::::::*	0	OR
cpe:2.3:h:lenovo:flex_system_fabric_si4093_10gb_system_interconnect_module:-:::::::*	0	OR
cpe:2.3:h:lenovo:flex_system_si4091_system_interconnect_module:-:::::::*	0	OR
cpe:2.3:h:lenovo:rackswitch_g7028:-:::::::*	0	OR
cpe:2.3:h:lenovo:rackswitch_g7052:-:::::::*	0	OR
cpe:2.3:h:lenovo:rackswitch_g8052:-:::::::*	0	OR
cpe:2.3:h:lenovo:rackswitch_g8124e:-:::::::*	0	OR
cpe:2.3:h:lenovo:rackswitch_g8264:-:::::::*	0	OR
cpe:2.3:h:lenovo:rackswitch_g8264cs:-:::::::*	0	OR
cpe:2.3:h:lenovo:rackswitch_g8272:-:::::::*	0	OR
cpe:2.3:h:lenovo:rackswitch_g8296:-:::::::*	0	OR
cpe:2.3:h:lenovo:rackswitch_g8332:-:::::::*	0	OR
		AND
cpe:2.3:o:lenovo:enterprise_network_operating_system::::::::	1	OR	8.4.6.0
cpe:2.3:h:ibm:1g_l2-7_slb_switch_for_bladecenter:-:::::::*	0	OR
cpe:2.3:h:ibm:bladecenter_1\:10g_uplink_ethernet_switch_module:-:::::::*	0	OR
cpe:2.3:h:ibm:bladecenter_layer_2\/3_copper_ethernet_switch_module:-:::::::*	0	OR
cpe:2.3:h:ibm:bladecenter_virtual_fabric_10gb_switch_module:-:::::::*	0	OR
cpe:2.3:h:ibm:flex_system_en2092_1gb_ethernet_scalable_switch:-:::::::*	0	OR
cpe:2.3:h:ibm:flex_system_fabric_cn4093_10gb_converged_scalable_switch:-:::::::*	0	OR
cpe:2.3:h:ibm:flex_system_fabric_en4093\/en4093r_10gb_scalable_switch:-:::::::*	0	OR
cpe:2.3:h:ibm:flex_system_fabric_si4093_10gb_system_interconnect_module:-:::::::*	0	OR
cpe:2.3:h:ibm:rackswitch_g8052:-:::::::*	0	OR
cpe:2.3:h:ibm:rackswitch_g8124:-:::::::*	0	OR
cpe:2.3:h:ibm:rackswitch_g8124e:-:::::::*	0	OR
cpe:2.3:h:ibm:rackswitch_g8264:-:::::::*	0	OR
cpe:2.3:h:ibm:rackswitch_g8264cs:-:::::::*	0	OR
cpe:2.3:h:ibm:rackswitch_g8264t:-:::::::*	0	OR
cpe:2.3:h:ibm:rackswitch_g8316:-:::::::*	0	OR
cpe:2.3:h:ibm:rackswitch_g8332:-:::::::*	0	OR

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:H/Au:N/C:C/I:C/A:C

Access Vector
LOCAL

Access Compatibility
HIGH

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
6.2

Severity
MEDIUM

Exploitability Score
1.9

Impact Score
10

CVSS Version 3

Version
3.0

Vector String
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector
LOCAL

Attack Compatibility
HIGH

Privileges Required
LOW

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
HIGH

Availability Impact
HIGH

Base Score
7

Base Severity
HIGH

Exploitability Score
1

Impact Score
5.9

References

Reference URL	Reference Tags
https://support.lenovo.com/us/en/product_security/LEN-16095	Mitigation Patch Vendor Advisory
http://www.securitytracker.com/id/1040296	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2017-3765
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3765

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:49:01				Added to TrackCVE
2022-12-03 00:51:23	2018-01-10T18:29Z	2018-01-10T18:29:01	CVE Published Date	updated
2022-12-03 00:51:23		2018-02-06T14:12:49	CVE Modified Date	updated
2022-12-03 00:51:23		Analyzed	Vulnerability Status	updated