{"containers": {"cna": {"affected": [{"product": "Cloud Networking Operating System (CNOS)", "vendor": "Lenovo", "versions": [{"lessThan": "10.10.6.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)\u2019 optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-14T21:25:20", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.lenovo.com/us/en/product_security/LEN-44423"}], "solutions": [{"lang": "en", "value": "Upgrade to the CNOS version 10.10.6.0 or later."}], "source": {"advisory": "LEN-44423", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2020-8349", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Networking Operating System (CNOS)", "version": {"version_data": [{"version_affected": "<", "version_value": "10.10.6.0"}]}}]}, "vendor_name": "Lenovo"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)\u2019 optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-44423", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-44423"}]}, "solution": [{"lang": "en", "value": "Upgrade to the CNOS version 10.10.6.0 or later."}], "source": {"advisory": "LEN-44423", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:56:28.342Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/LEN-44423"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8349", "datePublished": "2020-10-14T21:25:21", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:28.342Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:cloud_networking_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "144A51B2-76BD-432F-B88A-65319FAEFFD0", "versionEndExcluding": "10.10.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch_g8272:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB8AF1A2-AC14-46E3-BCF1-41C48F0D45BA", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_g8296:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3C14274-E752-4FCF-96DE-8EE02D07BB48", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_g8332:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8D47782-1C9C-4C89-852C-637E09CB9E20", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne0152t:-:*:*:*:*:*:*:*", "matchCriteriaId": "D78FFD69-80A3-4D6B-AEC2-FFA6192454D0", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne10032:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF898320-239A-42C1-BB49-75402894064B", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne1032:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CB91FF4-B209-4810-95EB-0112963247ED", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne1032t:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1C531F7-AEA1-4AAE-AD7D-7416EE85E1F5", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne1072t:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5BA1E79-AA8B-4CDB-872C-21B16FB65124", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne2572:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B5A57CB-32B7-4658-8B35-E54DBFAABC24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)\u2019 optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL."}, {"lang": "es", "value": "Una revisi\u00f3n de seguridad interna identific\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota no autenticada en la interfaz de administraci\u00f3n de la API REST opcional de Cloud Networking Operating System (CNOS)\u2019.&#xa0;Esta interfaz est\u00e1 deshabilitada por defecto y no es vulnerable a menos que est\u00e9 habilitada.&#xa0;Cuando est\u00e1 habilitada, solo es vulnerable cuando est\u00e1 conectado a un VRF y seg\u00fan lo permitan las ACL definidas.&#xa0;Lenovo recomienda encarecidamente actualizar a una versi\u00f3n CNOS no vulnerable.&#xa0;Cuando no sea posible, Lenovo recomienda deshabilitar la interfaz de administraci\u00f3n de la API REST o restringir el acceso al VRF de administraci\u00f3n y limitar a\u00fan m\u00e1s el acceso a las estaciones de administraci\u00f3n autorizadas mediante ACL"}], "id": "CVE-2020-8349", "lastModified": "2020-10-29T19:52:24.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2020-10-14T22:15:13.653", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-44423"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}

{}