Lenovo security advisory

Number: AV18-010
Date: 16 January 2018

Purpose

 

Assessment

Lenovo has released a security advisory to address a vulnerability known as “HP Backdoor” which could allow an unauthenticated remote user to bypass authentication and gain administrative privileges on a targeted device.

Affected Products:

  • Lenovo Flex System Fabric CN4093 10Gb Converged Scalable Switch 
  • Lenovo Flex System Fabric EN4093R 10Gb Scalable Switch 
  • Lenovo Flex System Fabric SI4093 10Gb System Interconnect Module 
  • Lenovo Flex System SI4091 System Interconnect Module 
  • Lenovo RackSwitch G8272-CNOS
  • Lenovo RackSwitch G8332-CNOS 
  • Lenovo RackSwitch G7028 (ThinkAgile CX2200) 
  • Lenovo RackSwitch G7052 (ThinkAgile CX4200/CX4600) 
  • Lenovo RackSwitch G8052 
  • Lenovo RackSwitch G8124E (ThinkAgile CX2200) 
  • Lenovo RackSwitch G8264 
  • Lenovo RackSwitch G8264CS 
  • Lenovo RackSwitch G8272 (ThinkAgile CX4200/CX4600) 
  • Lenovo RackSwitch G8296 
  • Lenovo RackSwitch G8296-CNOS 
  • Lenovo RackSwitch G8332 
  • IBM Flex System™ Fabric EN4093/EN4093R 10Gb Scalable Switch 
  • IBM Flex System™ Fabric CN4093 10Gb Converged Scalable Switch 
  • IBM Flex System™ Fabric SI4093 10Gb System Interconnect Module 
  • IBM Flex System EN2092 1Gb Ethernet Scalable Switch 
  • IBM 1G L2-7 SLB switch for BladeCenter
  • IBM BladeCenter Virtual Fabric 10Gb Switch Module 
  • IBM BladeCenter 1:10G Uplink Ethernet switch Module
  • IBM BladeCenter Layer 2/3 Copper Ethernet Switch Module 
  • IBM RackSwitch G8264CS 
  • IBM RackSwitch G8264 
  • IBM RackSwitch G8052 
  • IBM RackSwitch G8332
  • IBM RackSwitch G8124E 
  • IBM RackSwitch G8264T 
  • IBM RackSwitch G8316 
  • IBM RackSwitch G8124 

CVE Reference: CVE-2017-3765

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://support.lenovo.com/ca/en/product_security/len-16095
