Vulnerability CVE-2017-3752


Published: 2017-08-09

Description:
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

Vendor: Lenovo
Product: G8272 firmware 
Version: 8.4.3.0;
Product: G8332 firmware 
Version: 8.4.3.0;
Product: Fabric en4093r 10gb firmware 
Version: 8.4.3.0;
Product: G8296 firmware 
Version: 8.4.3.0;
Product: G8052 firmware 
Version: 8.4.3.0;
Product: G8264cs firmware 
Version: 8.4.3.0;
Product: Fabric cn4093 10gb firmware 
Version: 8.4.3.0;
Product: G8124e firmware 
Version: 8.4.3.0;
Product: G8264 firmware 
Version: 8.4.3.0;
Product: Si4091 firmware 
Version: 8.4.3.0;
Vendor: IBM
Product: G8264t firmware 
Version: 7.9.19.0;
Product: G8264 firmware 
Version: 7.9.19.0;
Product: G8052 firmware 
Version: 7.9.19.0;
Product: G8316 firmware 
Version: 7.9.19.0;
Product: Fabric cn4093 10gb firmware 
Version: 7.8.16.0;
Product: En2092 1gb firmware 
Version: 7.8.16.0;
Product: Fabric en4093/en4093r 10gb firmware 
Version: 7.8.16.0;
Product: G8264cs firmware 
Version: 7.8.16.0;
Product: Virtual fabric 10gb 
Version: 7.8.12.0;
Product: G8332 firmware 
Version: 7.7.25.0;
Product: G8124 firmware 
Version: 7.11.9.0;
Product: G8124e firmware 
Version: 7.11.9.0;
Product: Layer 2/3 copper firmware 
Version: 5.3.10.0;
Product: 1g l2-7 slb 
Version: 21.0.24.0;
Product: 1 
Version: 10g_firmware;

CVSS2 => (AV:A/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
4.9/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial

 References:
http://www.securityfocus.com/bid/99995
https://support.lenovo.com/us/en/product_security/LEN-14078

Related CVE
CVE-2018-1384
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...
CVE-2017-1767
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...
CVE-2015-7434
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863.
CVE-2015-7433
IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862.
CVE-2015-7432
IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861.
CVE-2015-7423
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-7401
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106.
CVE-2018-1429
IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...

Copyright 2018, cxsecurity.com

 

Back to Top