Lenovo released a patch for a vulnerability introduced fourteen years ago through a firmware update by the now-defunct Nortel Networks and its blade server and switch business unit.
The vulnerability, CVE-2017-3765, is rated “high” and was tied to Lenovo’s Enterprise Network Operating System (ENOS), which was used in Lenovo and IBM RackSwitch and BladeCenter products.
If exploited, the flaw could let attackers carry out authentication bypass attacks using a mechanism called “HP Backdoor” that could ultimately grant an attacker admin privileges.
“An attacker could gain access to the switch administration interface, allowing settings changes that could result in exposing traffic passing through the switch, subtle malfunctions in the attached infrastructure, and partial or complete denial of service,” Lenovo said in a security advisory.
Users are advised to update to the latest firmware or to take the following steps: enable LDAP, RADIUS, or TACACS+ remote authentication; disable the related “Backdoor” and “Secure Backdoor” local authentication fallback options; disable Telnet; and restrict physical access to the serial console port.