CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-8349
https://notcve.org/view.php?id=CVE-2020-8349
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL. • https://support.lenovo.com/us/en/product_security/LEN-44423 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 0CVE-2017-3765
https://notcve.org/view.php?id=CVE-2017-3765
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted. En Enterprise Networking Operating System (ENOS) en productos Lenovo, IBM RackSwitch y BladeCenter, se descubrió una omisión de autenticación conocida como "HP Backdoor" durante una auditaría de seguridad de Lenovo en las interfaces de la consola de serie, Telnet, SSH y Web. Se puede acceder al mecanismo de omisión cuando se realiza una autenticación local bajo ciertas circunstancias. • http://www.securitytracker.com/id/1040296 https://support.lenovo.com/us/en/product_security/LEN-16095 • CWE-287: Improper Authentication •
CVSS: 8.2EPSS: 0%CPEs: 50EXPL: 0CVE-2017-3752
https://notcve.org/view.php?id=CVE-2017-3752
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain. Se ha identificado una vulnerabilidad que afecta a toda la industria en la implementación del protocolo de enrutamiento Open Shortest Path First (OSPF) empleado en algunos switches Lenovo. La explotación de estos fallos de implementación puede dar lugar a que los atacantes consigan borrar o alterar las tablas de de enrutamiento de uno o muchos routers, switches u otros dispositivos que son compatibles con OSPF en un dominio de enrutamiento. • http://www.securityfocus.com/bid/99995 https://support.lenovo.com/us/en/product_security/LEN-14078 • CWE-20: Improper Input Validation •