TTCSIRT-080.012218: TT-CSIRT Advisory – Lenovo Security Updates
Lenovo has released a security update for its Enterprise Network Operating System (ENOS). According to Lenovo, an authentication bypass mechanism known as “HP Backdoor” was discovered during a Lenovo security audit. It is present in the Telnet and Serial Console management interfaces, as well as in the SSH and Web management interfaces under certain limited and unlikely conditions. The bypass mechanism can be accessed when performing local authentication under specific circumstances, using credentials that are unique to each switch.
If exploited, an attacker could gain access to the switch management interface, permitting settings changes that could result in exposing traffic passing through the switch, subtle malfunctions in the attached infrastructure, and partial or complete denial of service. Severity: High.
Further information on this vulnerability and how it can be fixed can be found on the Lenovo website at https://support.lenovo.com/us/en/product_security/len-16095