CVE-2017-3752 - OpenCVE

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	1\ 1g L2-7 Slb Bladecenter En2092 1gb Firmware Fabric Cn4093 10gb Firmware Fabric En4093\/en4093r 10gb Firmware Flex System G8052 Firmware G8124 Firmware G8124e Firmware G8264 Firmware G8264cs Firmware G8264t Firmware G8316 Firmware G8332 Firmware Layer 2\/3 Copper Firmware Rackswitch Virtual Fabric 10gb
Lenovo	Fabric Cn4093 10gb Firmware Fabric En4093r 10gb Firmware Flex System G8052 Firmware G8124e Firmware G8264 Firmware G8264cs Firmware G8272 Firmware G8296 Firmware G8332 Firmware Rackswitch Si4091 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ibm:1g_l2-7_slb:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:1\:10g_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:layer_2\/3_copper_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:virtual_fabric_10gb:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:en2092_1gb_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:fabric_en4093\/en4093r_10gb_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:g8052_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:g8124_firmware:*:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:ibm:g8124e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:ibm:g8264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:ibm:g8264cs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:ibm:g8264t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:ibm:g8316_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:ibm:g8332_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:fabric_en4093r_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:si4091_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:g8052_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:g8124e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:g8264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:g8264cs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:g8272_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:g8296_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:g8332_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/99995
https://support.lenovo.com/us/en/product_security/LEN-14078

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2017-08-09T21:00:00Z

Updated: 2024-09-16T23:36:44.002Z

Reserved: 2016-12-16T00:00:00

Link: CVE-2017-3752

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-08-09T21:29:01.600

Modified: 2017-08-30T17:50:54.717

Link: CVE-2017-3752

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Lenovo and IBM Switch Products", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "Various"}]}], "datePublic": "2017-07-27T00:00:00", "descriptions": [{"lang": "en", "value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."}], "problemTypes": [{"descriptions": [{"description": "Erasure or alteration of routing tables within a routing domain", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-10T09:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"name": "99995", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99995"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2017-07-27T00:00:00", "ID": "CVE-2017-3752", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lenovo and IBM Switch Products", "version": {"version_data": [{"version_value": "Various"}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Erasure or alteration of routing tables within a routing domain"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-14078", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"name": "99995", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99995"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:41.295Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"name": "99995", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99995"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3752", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-09-16T23:36:44.002Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:1g_l2-7_slb:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C373989-F05A-495C-9099-3475B4B49DD7", "versionEndIncluding": "21.0.24.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:1\\:10g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5957C6B8-870E-487F-B003-C751847B4179", "versionEndIncluding": "7.4.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:layer_2\\/3_copper_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "851856BA-623E-4030-B53A-B276CB3551F2", "versionEndIncluding": "5.3.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:virtual_fabric_10gb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6147AD83-A935-4228-B4F5-B9F44C142DCA", "versionEndIncluding": "7.8.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:en2092_1gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "090ECD7A-C62C-4C8F-B7A0-EBD085FC113E", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBB91913-36E2-4CCD-8F06-9559686354E1", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:fabric_en4093\\/en4093r_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4BFB21C-2618-4C36-8100-D0AD973DEED9", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8052_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C523570-23D7-4D7C-BD7B-3F88792D691A", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8124_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C619041-574D-4F20-B6E2-20C8DF0C48DD", "versionEndIncluding": "7.11.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8124e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "70B625F3-7530-4704-8D34-4AE0CB6017F0", "versionEndIncluding": "7.11.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8264_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C0230A2-652F-4979-843F-F386B27ED200", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8264cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "32E2E71B-3CEF-427A-B383-3E91F889FFDA", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8264t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52078020-A91C-4C90-816D-D035324A59C4", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8316_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C53AF1F2-C22A-46AE-A0EB-B78715F800BA", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8332_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76BE4F68-3093-4104-8848-087971C350EC", "versionEndIncluding": "7.7.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6AE62EB-61FC-4FBC-886E-956F18D3ABFB", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:fabric_en4093r_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA0F8CD7-B875-47DB-AE77-DEF269321627", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:si4091_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD2F5AE9-9942-4D9B-B7C1-3A821F9473C2", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8052_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73DD6C3A-3447-4538-9671-2B2075DAC741", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8124e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A70DD7D3-405F-4BC6-BEF7-1827AE29AEF5", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8264_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "639A4EA4-DFA9-4A7A-B22E-23C150DD2E8B", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8264cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFA4508C-4DDE-4E84-826F-9C3AA475A34C", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8272_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "37008C3A-0DE7-40A8-A945-AB7FD92A6395", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8296_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E93F011-AA73-40B0-A3BC-BAD75BB6B627", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8332_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7607ACCB-235B-4116-BE00-39911040EAE1", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad que afecta a toda la industria en la implementaci\u00f3n del protocolo de enrutamiento Open Shortest Path First (OSPF) empleado en algunos switches Lenovo. La explotaci\u00f3n de estos fallos de implementaci\u00f3n puede dar lugar a que los atacantes consigan borrar o alterar las tablas de de enrutamiento de uno o muchos routers, switches u otros dispositivos que son compatibles con OSPF en un dominio de enrutamiento."}], "id": "CVE-2017-3752", "lastModified": "2017-08-30T17:50:54.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-09T21:29:01.600", "references": [{"source": "psirt@lenovo.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99995"}, {"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}