var-201708-0553
Vulnerability from variot
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain. Part of Lenovo and IBM Switch Open Shortest Path First (OSPF) Routing protocol implementations have input validation vulnerabilities and data integrity validation vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LenovoFlexSystemFabricCN409310GbConvergedScalableSwitch, etc. are all switch devices of China Lenovo. IBM1GL2-7SLBswitchforBladecenter and so on are all IBM IBM switch devices. A number of security vulnerabilities exist in OpenShortestPathFirst (OSPF) routingprotocol implementations in Lenovo and IBM NetworkingSwitches. An attacker could use this vulnerability to delete and change routing tables. Lenovo and IBM Networking Switches are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0553",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fabric en4093\\/en4093r 10gb",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.8.16.0"
},
{
"model": "g8332",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "virtual fabric 10gb",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "1g l2-7 slb",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "21.0.24.0"
},
{
"model": "g8332",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.7.25.0"
},
{
"model": "fabric cn4093 10gb",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8264",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.9.19.0"
},
{
"model": "g8264cs",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.8.16.0"
},
{
"model": "g8264t",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.9.19.0"
},
{
"model": "si4091",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8052",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.9.19.0"
},
{
"model": "g8052",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8124",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.11.9.0"
},
{
"model": "g8124e",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "layer 2\\/3 copper",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "5.3.10.0"
},
{
"model": "1\\:10g",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.4.16.0"
},
{
"model": "en2092 1gb",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.8.16.0"
},
{
"model": "fabric en4093r 10gb",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "fabric cn4093 10gb",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.8.16.0"
},
{
"model": "g8272",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8316",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.9.19.0"
},
{
"model": "g8264cs",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8296",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8124e",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "7.11.9.0"
},
{
"model": "g8264",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "rackswitch g8332",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "rackswitch g8296",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "rackswitch g8272",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "rackswitch g8264cs",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "rackswitch g8264",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "rackswitch g8124e",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "rackswitch g8052",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "flex system si4091 system interconnect",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "8.4.4.0"
},
{
"model": "rackswitch g8332",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7.7.26.0"
},
{
"model": "rackswitch g8316",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7.9.20.0"
},
{
"model": "rackswitch g8264t",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7.9.20.0"
},
{
"model": "rackswitch g8264cs",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7.8.17.0"
},
{
"model": "rackswitch g8052",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7.9.20.0"
},
{
"model": "1g l2-7 slb switch for bladecenter",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "21.25"
},
{
"model": "bladecenter 1:10g uplink ethernet switch",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7.4.17.0"
},
{
"model": "bladecenter layer copper ethernet switch",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "2/33.11"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "eq",
"trust": 0.9,
"vendor": "ibm",
"version": "7.8.17.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "quagga",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "1g l2-7 slb switch for bladecenter",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter 1/10g uplink ethernet switch module",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "bladecenter layer 2/3 copper ethernet switch module",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system fabric en4093 10gb scalable switch",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system networking rackswitch g8052",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system networking rackswitch g8124",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system networking rackswitch g8124e",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system networking rackswitch g8124er",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system networking rackswitch g8264",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system networking rackswitch g8264cs",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system networking rackswitch g8264t",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system networking rackswitch g8316",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "system networking rackswitch g8332",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "virtual fabric 10gb switch module for ibm bladecenter",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "flex system si4091 system interconnect module",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "rackswitch g8052",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "rackswitch g8124e",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "(thinkagile cx2200)"
},
{
"model": "rackswitch g8264",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "rackswitch g8264cs",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "rackswitch g8272",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "(thinkagile cx4200/cx4600)"
},
{
"model": "rackswitch g8296",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "rackswitch g8332",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "univerge ip8800",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "flex system\\303\\242?\\302\\242 fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7.8.17.0"
},
{
"model": "flex system\\303\\242?\\302\\242 fabric en4093/en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "7.8.17.0"
},
{
"model": "g8052",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8332",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8272",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8296",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8264",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "fabric cn4093 10gb",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "si4091",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "g8124e",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "fabric en4093r 10gb",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.4.3.0"
},
{
"model": "flex system? fabric en4093/en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.17.0"
},
{
"model": "flex system? fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.17.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#793496"
},
{
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"db": "BID",
"id": "99995"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1518"
},
{
"db": "NVD",
"id": "CVE-2017-3752"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ibm:bladecenter_1g_l2-7_slb_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:bladecenter_1%2F10g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:layer_2%2F3_copper_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__en2092_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__cn4093_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__en4093_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__en4093r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__g8052_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__g8124_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__g8124e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__g8124er_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__g8264_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__g8264cs_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__g8264t_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__g8316_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:system_networking_rackswitch__g8332_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ibm:bladecenter_10g_vfsm_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:fabric_cn4093_10gb_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:fabric_en4093r_10gb_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:si4091_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:g8052_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:g8124e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:g8264_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:g8264cs_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:g8272_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:g8296_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:g8332_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:univerge_ip8800",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007384"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adi Sosnovich, Orna Grumberg, and Gabi Nakibly.",
"sources": [
{
"db": "BID",
"id": "99995"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1518"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3752",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CVE-2017-3752",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CNVD-2017-29253",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-111955",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2017-3752",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3752",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-3752",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-29253",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1518",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-111955",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"db": "VULHUB",
"id": "VHN-111955"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1518"
},
{
"db": "NVD",
"id": "CVE-2017-3752"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain. Part of Lenovo and IBM Switch Open Shortest Path First (OSPF) Routing protocol implementations have input validation vulnerabilities and data integrity validation vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LenovoFlexSystemFabricCN409310GbConvergedScalableSwitch, etc. are all switch devices of China Lenovo. IBM1GL2-7SLBswitchforBladecenter and so on are all IBM IBM switch devices. A number of security vulnerabilities exist in OpenShortestPathFirst (OSPF) routingprotocol implementations in Lenovo and IBM NetworkingSwitches. An attacker could use this vulnerability to delete and change routing tables. Lenovo and IBM Networking Switches are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3752"
},
{
"db": "CERT/CC",
"id": "VU#793496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"db": "BID",
"id": "99995"
},
{
"db": "VULHUB",
"id": "VHN-111955"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "LENOVO",
"id": "LEN-14078",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2017-3752",
"trust": 3.4
},
{
"db": "BID",
"id": "99995",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#793496",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU93329670",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007384",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-29253",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1518",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111955",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#793496"
},
{
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"db": "VULHUB",
"id": "VHN-111955"
},
{
"db": "BID",
"id": "99995"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1518"
},
{
"db": "NVD",
"id": "CVE-2017-3752"
}
]
},
"id": "VAR-201708-0553",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"db": "VULHUB",
"id": "VHN-111955"
}
],
"trust": 1.2999504025
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29253"
}
]
},
"last_update_date": "2024-11-23T22:00:54.446000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NV17-022",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-022.html"
},
{
"title": "LEN-14078",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/LEN-14078"
},
{
"title": "A variety of patches for Lenovo and IBM NetworkingSwitches security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/102597"
},
{
"title": "Multiple Lenovo and IBM Networking Switches Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73845"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1518"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-354",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111955"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"db": "NVD",
"id": "CVE-2017-3752"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://support.lenovo.com/us/en/product_security/len-14078"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99995"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/793496"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/354.html"
},
{
"trust": 0.8,
"url": "https://en.wikipedia.org/wiki/open_shortest_path_first"
},
{
"trust": 0.8,
"url": "https://www.ietf.org/rfc/rfc2328.txt"
},
{
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170727-ospf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3752"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93329670/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc2328"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/product_security/len-14078"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#793496"
},
{
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"db": "VULHUB",
"id": "VHN-111955"
},
{
"db": "BID",
"id": "99995"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1518"
},
{
"db": "NVD",
"id": "CVE-2017-3752"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#793496"
},
{
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"db": "VULHUB",
"id": "VHN-111955"
},
{
"db": "BID",
"id": "99995"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1518"
},
{
"db": "NVD",
"id": "CVE-2017-3752"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-27T00:00:00",
"db": "CERT/CC",
"id": "VU#793496"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"date": "2017-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111955"
},
{
"date": "2017-07-27T00:00:00",
"db": "BID",
"id": "99995"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"date": "2017-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1518"
},
{
"date": "2017-08-09T21:29:01.600000",
"db": "NVD",
"id": "CVE-2017-3752"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-18T00:00:00",
"db": "CERT/CC",
"id": "VU#793496"
},
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29253"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-111955"
},
{
"date": "2017-07-27T00:00:00",
"db": "BID",
"id": "99995"
},
{
"date": "2017-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007384"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1518"
},
{
"date": "2024-11-21T03:26:04.163000",
"db": "NVD",
"id": "CVE-2017-3752"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1518"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency",
"sources": [
{
"db": "CERT/CC",
"id": "VU#793496"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1518"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.