Number: AV18-010
Date: 16 January 2018
Purpose
Assessment
Lenovo has released a security advisory to address a vulnerability known as “HP Backdoor” which could allow an unauthenticated remote user to bypass authentication and gain administrative privileges on a targeted device.
Affected Products:
- Lenovo Flex System Fabric CN4093 10Gb Converged Scalable Switch
- Lenovo Flex System Fabric EN4093R 10Gb Scalable Switch
- Lenovo Flex System Fabric SI4093 10Gb System Interconnect Module
- Lenovo Flex System SI4091 System Interconnect Module
- Lenovo Rack Switch G8272-CNOS
- Lenovo RackSwitch G8332-CNOS
- Lenovo RackSwitch G7028 (ThinkAgile CX2200)
- Lenovo RackSwitch G7052 (ThinkAgile CX4200/CX4600)
- Lenovo RackSwitch G8052
- Lenovo RackSwitch G8124E (ThinkAgile CX2200)
- Lenovo RackSwitch G8264
- Lenovo RackSwitch G8264CS
- Lenovo RackSwitch G8272 (ThinkAgile CX4200/CX4600)
- Lenovo RackSwitch G8296
- Lenovo RackSwitch G8296-CNOS
- Lenovo RackSwitch G8332
- IBM Flex System™ Fabric EN4093/EN4093R 10Gb Scalable Switch
- IBM Flex System™ Fabric CN4093 10Gb Converged Scalable Switch
- IBM Flex System™ Fabric SI4093 10Gb System Interconnect Module
- IBM Flex System EN2092 1Gb Ethernet Scalable Switch
- IBM 1G L2-7 SLB switch for Bladecenter
- IBM BladeCenter Virtual Fabric 10Gb Switch Module
- IBM Bladecenter 1:10G Uplink Ethernet switch Module
- IBM BladeCenter Layer 2/3 Copper Ethernet Switch Module
- IBM RackSwitch G8264CS
- IBM RackSwitch G8264
- IBM RackSwitch G8052
- IBM Rackswitch G8332
- IBM RackSwitch G8124E
- IBM RackSwitch G8264T
- IBM RackSwitch G8316
- IBM RackSwitch G8124
CVE Reference: CVE-2017-3765
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.