Vulnerability CVE-2017-3752


Published: 2017-08-09

Description:
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

CVSS2 => (AV:A/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
4.9/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Lenovo -> G8332 firmware 
Lenovo -> G8124e firmware 
Lenovo -> G8296 firmware 
Lenovo -> Si4091 firmware 
Lenovo -> G8264cs firmware 
Lenovo -> G8272 firmware 
Lenovo -> Fabric cn4093 10gb firmware 
Lenovo -> Fabric en4093r 10gb firmware 
Lenovo -> G8264 firmware 
Lenovo -> G8052 firmware 
IBM -> Virtual fabric 10gb 
IBM -> G8264 firmware 
IBM -> Fabric cn4093 10gb firmware 
IBM -> Fabric en4093/en4093r 10gb firmware 
IBM -> En2092 1gb firmware 
IBM -> G8124e firmware 
IBM -> Layer 2/3 copper firmware 
IBM -> G8264t firmware 
IBM -> 1 
IBM -> 1g l2-7 slb 
IBM -> G8264cs firmware 
IBM -> G8052 firmware 
IBM -> G8332 firmware 
IBM -> G8316 firmware 
IBM -> G8124 firmware 

 References:
http://www.securityfocus.com/bid/99995
https://support.lenovo.com/us/en/product_security/LEN-14078

Copyright 2020, cxsecurity.com

 

Back to Top