CVE-2017-3752 - Vulnerability Details - OpenCVE

Description

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

Published: 2017-08-09

Score: 8.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Lenovo Group Ltd.

Lenovo and IBM Switch Products

affected

Version	Status	Constraints
`Various`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:ibm:1g_l2-7_slb:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ibm:1\:10g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ibm:layer_2\/3_copper_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ibm:virtual_fabric_10gb:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ibm:en2092_1gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ibm:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:ibm:fabric_en4093\/en4093r_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:ibm:g8052_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:ibm:g8124_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:ibm:g8124e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:ibm:g8264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:ibm:g8264cs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:ibm:g8264t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:ibm:g8316_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:ibm:g8332_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:fabric_en4093r_10gb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:si4091_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:g8052_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:g8124e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:g8264_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:g8264cs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:g8272_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:g8296_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:g8332_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2017-12869	An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00146.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.securityfocus.com/bid/99995
https://support.lenovo.com/us/en/product_security/LEN-14078

History

No history.

Subscriptions

Ibm 1\ 1g L2-7 Slb Bladecenter En2092 1gb Firmware Fabric Cn4093 10gb Firmware Fabric En4093\/en4093r 10gb Firmware Flex System G8052 Firmware G8124 Firmware G8124e Firmware G8264 Firmware G8264cs Firmware G8264t Firmware G8316 Firmware G8332 Firmware Layer 2\/3 Copper Firmware Rackswitch Virtual Fabric 10gb

Lenovo Fabric Cn4093 10gb Firmware Fabric En4093r 10gb Firmware Flex System G8052 Firmware G8124e Firmware G8264 Firmware G8264cs Firmware G8272 Firmware G8296 Firmware G8332 Firmware Rackswitch Si4091 Firmware

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2017-08-09T21:00:00.000Z

Updated: 2024-09-16T23:36:44.002Z

Reserved: 2016-12-16T00:00:00.000Z

Link: CVE-2017-3752

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-08-09T21:29:01.600

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-3752

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"containers": {"cna": {"affected": [{"product": "Lenovo and IBM Switch Products", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "Various"}]}], "datePublic": "2017-07-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."}], "problemTypes": [{"descriptions": [{"description": "Erasure or alteration of routing tables within a routing domain", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-10T09:57:01.000Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"name": "99995", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99995"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2017-07-27T00:00:00", "ID": "CVE-2017-3752", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lenovo and IBM Switch Products", "version": {"version_data": [{"version_value": "Various"}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Erasure or alteration of routing tables within a routing domain"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-14078", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"name": "99995", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99995"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:41.295Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"name": "99995", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99995"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3752", "datePublished": "2017-08-09T21:00:00.000Z", "dateReserved": "2016-12-16T00:00:00.000Z", "dateUpdated": "2024-09-16T23:36:44.002Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:1g_l2-7_slb:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C373989-F05A-495C-9099-3475B4B49DD7", "versionEndIncluding": "21.0.24.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:1\\:10g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5957C6B8-870E-487F-B003-C751847B4179", "versionEndIncluding": "7.4.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:layer_2\\/3_copper_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "851856BA-623E-4030-B53A-B276CB3551F2", "versionEndIncluding": "5.3.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:virtual_fabric_10gb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6147AD83-A935-4228-B4F5-B9F44C142DCA", "versionEndIncluding": "7.8.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:en2092_1gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "090ECD7A-C62C-4C8F-B7A0-EBD085FC113E", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBB91913-36E2-4CCD-8F06-9559686354E1", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:fabric_en4093\\/en4093r_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4BFB21C-2618-4C36-8100-D0AD973DEED9", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8052_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C523570-23D7-4D7C-BD7B-3F88792D691A", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8124_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C619041-574D-4F20-B6E2-20C8DF0C48DD", "versionEndIncluding": "7.11.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8124e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "70B625F3-7530-4704-8D34-4AE0CB6017F0", "versionEndIncluding": "7.11.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8264_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C0230A2-652F-4979-843F-F386B27ED200", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8264cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "32E2E71B-3CEF-427A-B383-3E91F889FFDA", "versionEndIncluding": "7.8.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8264t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52078020-A91C-4C90-816D-D035324A59C4", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8316_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C53AF1F2-C22A-46AE-A0EB-B78715F800BA", "versionEndIncluding": "7.9.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:g8332_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "76BE4F68-3093-4104-8848-087971C350EC", "versionEndIncluding": "7.7.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6AE62EB-61FC-4FBC-886E-956F18D3ABFB", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:fabric_en4093r_10gb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA0F8CD7-B875-47DB-AE77-DEF269321627", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:si4091_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD2F5AE9-9942-4D9B-B7C1-3A821F9473C2", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8052_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73DD6C3A-3447-4538-9671-2B2075DAC741", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8124e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A70DD7D3-405F-4BC6-BEF7-1827AE29AEF5", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8264_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "639A4EA4-DFA9-4A7A-B22E-23C150DD2E8B", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8264cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFA4508C-4DDE-4E84-826F-9C3AA475A34C", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8272_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "37008C3A-0DE7-40A8-A945-AB7FD92A6395", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8296_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E93F011-AA73-40B0-A3BC-BAD75BB6B627", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g8332_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7607ACCB-235B-4116-BE00-39911040EAE1", "versionEndIncluding": "8.4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad que afecta a toda la industria en la implementaci\u00f3n del protocolo de enrutamiento Open Shortest Path First (OSPF) empleado en algunos switches Lenovo. La explotaci\u00f3n de estos fallos de implementaci\u00f3n puede dar lugar a que los atacantes consigan borrar o alterar las tablas de de enrutamiento de uno o muchos routers, switches u otros dispositivos que son compatibles con OSPF en un dominio de enrutamiento."}], "id": "CVE-2017-3752", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-09T21:29:01.600", "references": [{"source": "psirt@lenovo.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99995"}, {"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99995"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14078"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}