Vulnerability CVE-2017-3752


Published: 2017-08-09   Modified: 2017-08-30

Description:
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

Vendor: Lenovo
Product: G8332 firmware 
Version: 8.4.3.0;
Product: G8124e firmware 
Version: 8.4.3.0;
Product: G8296 firmware 
Version: 8.4.3.0;
Product: Si4091 firmware 
Version: 8.4.3.0;
Product: G8264cs firmware 
Version: 8.4.3.0;
Product: G8272 firmware 
Version: 8.4.3.0;
Product: Fabric cn4093 10gb firmware 
Version: 8.4.3.0;
Product: Fabric en4093r 10gb firmware 
Version: 8.4.3.0;
Product: G8264 firmware 
Version: 8.4.3.0;
Product: G8052 firmware 
Version: 8.4.3.0;
Vendor: IBM
Product: G8052 firmware 
Version: 7.9.19.0;
Product: G8316 firmware 
Version: 7.9.19.0;
Product: G8264 firmware 
Version: 7.9.19.0;
Product: G8264t firmware 
Version: 7.9.19.0;
Product: G8264cs firmware 
Version: 7.8.16.0;
Product: Fabric cn4093 10gb firmware 
Version: 7.8.16.0;
Product: Fabric en4093/en4093r 10gb firmware 
Version: 7.8.16.0;
Product: En2092 1gb firmware 
Version: 7.8.16.0;
Product: Virtual fabric 10gb 
Version: 7.8.12.0;
Product: G8332 firmware 
Version: 7.7.25.0;
Product: G8124 firmware 
Version: 7.11.9.0;
Product: G8124e firmware 
Version: 7.11.9.0;
Product: Layer 2/3 copper firmware 
Version: 5.3.10.0;
Product: 1g l2-7 slb 
Version: 21.0.24.0;
Product: 1 
Version: 10g_firmware;

CVSS2 => (AV:A/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
4.9/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial

 References:
http://www.securityfocus.com/bid/99995
https://support.lenovo.com/us/en/product_security/LEN-14078

Related CVE
CVE-2017-1554
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's clic...
CVE-2017-1552
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, ...
CVE-2017-1333
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.
CVE-2017-1148
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.
CVE-2016-3048
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
CVE-2017-15535
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ...
CVE-2017-1232
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911.
CVE-2017-1363
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses...

Copyright 2017, cxsecurity.com

 

Back to Top