CVE-2017-3752 - Vulnerability Details - OpenCVE

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00146.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Lenovo Group Ltd.

Lenovo and IBM Switch Products

affected

Version	Status	Constraints
`Various`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:ibm:1g_l2-7_slb:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ibm:1\:10g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ibm:layer_2\/3_copper_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ibm:virtual_fabric_10gb:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ibm:en2092_1gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ibm:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:ibm:fabric_en4093\/en4093r_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:ibm:g8052_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:ibm:g8124_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:ibm:g8124e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:ibm:g8264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:ibm:g8264cs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:ibm:g8264t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:ibm:g8316_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:ibm:g8332_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:fabric_en4093r_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:si4091_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:g8052_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:g8124e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:g8264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:g8264cs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:g8272_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:g8296_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:g8332_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Ibm Subscribe	1\ Subscribe 1g L2-7 Slb Subscribe Bladecenter Subscribe En2092 1gb Firmware Subscribe Fabric Cn4093 10gb Firmware Subscribe Fabric En4093\/en4093r 10gb Firmware Subscribe Flex System Subscribe G8052 Firmware Subscribe G8124 Firmware Subscribe G8124e Firmware Subscribe G8264 Firmware Subscribe G8264cs Firmware Subscribe G8264t Firmware Subscribe G8316 Firmware Subscribe G8332 Firmware Subscribe Layer 2\/3 Copper Firmware Subscribe Rackswitch Subscribe Virtual Fabric 10gb Subscribe
Lenovo Subscribe	Fabric Cn4093 10gb Firmware Subscribe Fabric En4093r 10gb Firmware Subscribe Flex System Subscribe G8052 Firmware Subscribe G8124e Firmware Subscribe G8264 Firmware Subscribe G8264cs Firmware Subscribe G8272 Firmware Subscribe G8296 Firmware Subscribe G8332 Firmware Subscribe Rackswitch Subscribe Si4091 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2017-12869	An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/99995
https://support.lenovo.com/us/en/product_security/LEN-14078

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2017-08-09T21:00:00Z

Updated: 2024-09-16T23:36:44.002Z

Reserved: 2016-12-16T00:00:00

Link: CVE-2017-3752

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-08-09T21:29:01.600

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-3752

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"containers": {"cna": {"affected": [{"product": "Lenovo and IBM Switch Products", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "Various"}]}], "datePublic": "2017-07-27T00:00:00", "descriptions": [{"lang": "en", "value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."}], "problemTypes": [{"descriptions": [{"description": "Erasure or alteration of routing tables within a routing domain", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-10T09:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"name": "99995", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99995"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2017-07-27T00:00:00", "ID": "CVE-2017-3752", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lenovo and IBM Switch Products", "version": {"version_data": [{"version_value": "Various"}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Erasure or alteration of routing tables within a routing domain"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-14078", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"name": "99995", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99995"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:41.295Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"name": "99995", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99995"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3752", "datePublished": "2017-08-09T21:00:00Z", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-09-16T23:36:44.002Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:1g_l2-7_slb:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C373989-F05A-495C-9099-3475B4B49DD7", "versionEndIncluding": "21.0.24.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:1\\:10g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5957C6B8-870E-487F-B003-C751847B4179", "versionEndIncluding": "7.4.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:layer_2\\/3_copper_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "851856BA-623E-4030-B53A-B276CB3551F2", "versionEndIncluding": "5.3.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:virtual_fabric_10gb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6147AD83-A935-4228-B4F5-B9F44C142DCA", "versionEndIncluding": "7.8.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:en2092_1gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "090ECD7A-C62C-4C8F-B7A0-EBD085FC113E", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBB91913-36E2-4CCD-8F06-9559686354E1", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:fabric_en4093\\/en4093r_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4BFB21C-2618-4C36-8100-D0AD973DEED9", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8052_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C523570-23D7-4D7C-BD7B-3F88792D691A", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8124_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C619041-574D-4F20-B6E2-20C8DF0C48DD", "versionEndIncluding": "7.11.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8124e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "70B625F3-7530-4704-8D34-4AE0CB6017F0", "versionEndIncluding": "7.11.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8264_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C0230A2-652F-4979-843F-F386B27ED200", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8264cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "32E2E71B-3CEF-427A-B383-3E91F889FFDA", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8264t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52078020-A91C-4C90-816D-D035324A59C4", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8316_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C53AF1F2-C22A-46AE-A0EB-B78715F800BA", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8332_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76BE4F68-3093-4104-8848-087971C350EC", "versionEndIncluding": "7.7.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6AE62EB-61FC-4FBC-886E-956F18D3ABFB", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:fabric_en4093r_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA0F8CD7-B875-47DB-AE77-DEF269321627", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:si4091_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD2F5AE9-9942-4D9B-B7C1-3A821F9473C2", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8052_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73DD6C3A-3447-4538-9671-2B2075DAC741", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8124e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A70DD7D3-405F-4BC6-BEF7-1827AE29AEF5", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8264_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "639A4EA4-DFA9-4A7A-B22E-23C150DD2E8B", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8264cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFA4508C-4DDE-4E84-826F-9C3AA475A34C", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8272_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "37008C3A-0DE7-40A8-A945-AB7FD92A6395", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8296_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E93F011-AA73-40B0-A3BC-BAD75BB6B627", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8332_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7607ACCB-235B-4116-BE00-39911040EAE1", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad que afecta a toda la industria en la implementaci\u00f3n del protocolo de enrutamiento Open Shortest Path First (OSPF) empleado en algunos switches Lenovo. La explotaci\u00f3n de estos fallos de implementaci\u00f3n puede dar lugar a que los atacantes consigan borrar o alterar las tablas de de enrutamiento de uno o muchos routers, switches u otros dispositivos que son compatibles con OSPF en un dominio de enrutamiento."}], "id": "CVE-2017-3752", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-09T21:29:01.600", "references": [{"source": "psirt@lenovo.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99995"}, {"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99995"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}