Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2017-3752
HistoryAug 09, 2017 - 9:29 p.m.

CVE-2017-3752

2017-08-0921:29:01
CWE-20
[email protected]
web.nvd.nist.gov
37
lenovo switches
ospf
vulnerability
routing protocol
exploitation
routing tables

4.3 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:P/A:P

8.2 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.2%

JSON

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

Affected configurations

NVD
Node
ibm1g_l2-7_slbRange21.0.24.0
AND
ibmflex_systemMatch-
Node
ibmbladecenterMatch-
AND
ibm1\Match10g_firmware
Node
ibmbladecenterMatch-
AND
ibmlayer_2\/3_copper_firmwareRange5.3.10.0
Node
ibmbladecenterMatch-
AND
ibmvirtual_fabric_10gbRange7.8.12.0
Node
ibmflex_systemMatch-
AND
ibmen2092_1gb_firmwareRange7.8.16.0
Node
ibmflex_systemMatch-
AND
ibmfabric_cn4093_10gb_firmwareRange7.8.16.0
Node
ibmflex_systemMatch-
AND
ibmfabric_en4093\/en4093r_10gb_firmwareRange7.8.16.0
Node
ibmrackswitchMatch-
AND
ibmg8052_firmwareRange7.9.19.0
Node
ibmrackswitchMatch-
AND
ibmg8124_firmwareRange7.11.9.0
Node
ibmg8124e_firmwareRange7.11.9.0
AND
ibmrackswitchMatch-
Node
ibmg8264_firmwareRange7.9.19.0
AND
ibmrackswitchMatch-
Node
ibmg8264cs_firmwareRange7.8.16.0
AND
ibmrackswitchMatch-
Node
ibmg8264t_firmwareRange7.9.19.0
AND
ibmrackswitchMatch-
Node
ibmg8316_firmwareRange7.9.19.0
AND
ibmrackswitchMatch-
Node
ibmg8332_firmwareRange7.7.25.0
AND
ibmrackswitchMatch-
Node
lenovofabric_cn4093_10gb_firmwareRange8.4.3.0
AND
lenovoflex_systemMatch-
Node
lenovofabric_en4093r_10gb_firmwareRange8.4.3.0
AND
lenovoflex_systemMatch-
Node
lenovosi4091_firmwareRange8.4.3.0
AND
lenovoflex_systemMatch-
Node
lenovog8052_firmwareRange8.4.3.0
AND
lenovorackswitchMatch-
Node
lenovog8124e_firmwareRange8.4.3.0
AND
lenovorackswitchMatch-
Node
lenovog8264_firmwareRange8.4.3.0
AND
lenovorackswitchMatch-
Node
lenovog8264cs_firmwareRange8.4.3.0
AND
lenovorackswitchMatch-
Node
lenovog8272_firmwareRange8.4.3.0
AND
lenovorackswitchMatch-
Node
lenovog8296_firmwareRange8.4.3.0
AND
lenovorackswitchMatch-
Node
lenovog8332_firmwareRange8.4.3.0
AND
lenovorackswitchMatch-

CNA Affected

[
  {
    "product": "Lenovo and IBM Switch Products",
    "vendor": "Lenovo Group Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "Various"
      }
    ]
  }
]

Related

prion 1
lenovo 2
cvelist 1
nvd 1
cert 1
prion
prion
Design/Logic Flaw
2017-08-09 21:29:00
lenovo
lenovo
Industry-wide OSPF routing vulnerability on Lenovo and IBM Networking Switches - us
2017-07-27 00:00:00
Industry-wide OSPF routing vulnerability on Lenovo and IBM Networking Switches - Lenovo Support US
2017-07-27 00:00:00
cvelist
cvelist
CVE-2017-3752
2017-07-27 00:00:00
nvd
nvd
CVE-2017-3752
2017-08-09 21:29:01
cert
cert
Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency
2017-07-27 00:00:00

4.3 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:P/A:P

8.2 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.2%

JSON
Related for CVE-2017-3752
prion1lenovo2cvelist1nvd1cert1