CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 0CVE-2017-3765
https://notcve.org/view.php?id=CVE-2017-3765
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted. En Enterprise Networking Operating System (ENOS) en productos Lenovo, IBM RackSwitch y BladeCenter, se descubrió una omisión de autenticación conocida como "HP Backdoor" durante una auditaría de seguridad de Lenovo en las interfaces de la consola de serie, Telnet, SSH y Web. Se puede acceder al mecanismo de omisión cuando se realiza una autenticación local bajo ciertas circunstancias. • http://www.securitytracker.com/id/1040296 https://support.lenovo.com/us/en/product_security/LEN-16095 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0CVE-2014-4752
https://notcve.org/view.php?id=CVE-2014-4752
IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Switches IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, y G8264-T anterior a 7.9.10.0; Switches EN4093, EN4093R, CN4093, SI4093, EN2092, y G8264CS anterior a 7.8.6.0; Flex System Interconnect Fabric anterior a 7.8.6.0; Switch 1G L2-7 SLB para Bladecenter anterior a 21.0.21.0; 10G VFSM para Bladecenter anterior a 7.8.14.0; Switch 1:10G para Bladecenter anterior a 7.4.8.0; Switch 1G para Bladecenter anterior a 5.3.5.0; Server Connectivity Module anterior a 1.1.3.4; System Networking RackSwitch G8332 anterior a 7.7.17.0; y System Networking RackSwitch G8000 anterior a 7.1.7.0 tienen credenciales embebidas, lo que facilita a atacantes remotos obtener acceso a través de vectores no especificados. • http://secunia.com/advisories/54512 http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096232 •