TROYANOSYVIRUS
Back to CVEs

CVE-2017-3765

N/A

Description

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

CVE Details

CVSS v3.1 ScoreN/A
Published1/10/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

ibm:1g_l2-7_slb_switch_for_bladecenteribm:bladecenter_1\ibm:bladecenter_layer_2\/3_copper_ethernet_switch_moduleibm:bladecenter_virtual_fabric_10gb_switch_moduleibm:flex_system_en2092_1gb_ethernet_scalable_switchibm:flex_system_fabric_cn4093_10gb_converged_scalable_switchibm:flex_system_fabric_en4093\/en4093r_10gb_scalable_switchibm:flex_system_fabric_si4093_10gb_system_interconnect_moduleibm:rackswitch_g8052ibm:rackswitch_g8124ibm:rackswitch_g8124eibm:rackswitch_g8264ibm:rackswitch_g8264csibm:rackswitch_g8264tibm:rackswitch_g8316ibm:rackswitch_g8332lenovo:enterprise_network_operating_systemlenovo:flex_system_fabric_cn4093_10gb_converged_scalable_switchlenovo:flex_system_fabric_en4093r_10gb_scalable_switchlenovo:flex_system_fabric_si4093_10gb_system_interconnect_modulelenovo:flex_system_si4091_system_interconnect_modulelenovo:rackswitch_g7028lenovo:rackswitch_g7052lenovo:rackswitch_g8052lenovo:rackswitch_g8124elenovo:rackswitch_g8264lenovo:rackswitch_g8264cslenovo:rackswitch_g8272lenovo:rackswitch_g8296lenovo:rackswitch_g8332

Weaknesses (CWE)

CWE-287

References

http://www.securitytracker.com/id/1040296(psirt@lenovo.com)
https://support.lenovo.com/us/en/product_security/LEN-16095(psirt@lenovo.com)
http://www.securitytracker.com/id/1040296(af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/product_security/LEN-16095(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.