A vulnerability in the Enterprise Network Operating System (ENOS) firmware used by multiple Lenovo and IBM switches could allow a local attacker to bypass authentication on a targeted device.
The vulnerability is due to the presence of a mechanism, known as “HP Backdoor”, for bypassing authentication on the affected switches. An attacker who has access to credentials that are unique to a targeted switch could exploit this vulnerability by using those credentials to authenticate to the switch. A successful exploit could allow the attacker to bypass authentication and gain administrative-level access to the switch, which could result in a complete system compromise.
Lenovo has confirmed the vulnerability and released firmware updates.
CVE Number – CVE-2017-3765
To exploit this vulnerability, the attacker may need to acquire knowledge of the ENOS interface and authentication configurations on the targeted switch, in addition to knowledge of unique local authentication credentials for the switch. These requirements may reduce the likelihood of a successful exploit.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access local systems.
Administrators are advised to enforce strong passwords for local accounts.
Administrators are advised to allow only privileged users to access administration or management systems.
Administrators are advised to monitor affected systems.
Lenovo has released a security advisory at the following link: LEN-16095
Lenovo has released firmware updates for multiple Lenovo and IBM switches. Links to specific product updates are available in the “Product Impact” section of the Lenovo advisory.