← back
CVE-2017-3765

CVE-2017-3765

EPSS 0.3%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Jan 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.
Affected products
Lenovo Group Ltd. · Enterprise Network Operating System affecting Lenovo and IBM RackSwitch and BladeCenter Products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.lenovo.com/us/en/product_security/LEN-16095http://www.securitytracker.com/id/1040296