CVE-2017-3752

Published: Aug 9, 2017Modified: May 13, 2026

8.2

Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

Exploitability: 1.6 / Impact: 6.0

Source: NVD

Description

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

Affected (25)

Products: Ibm: 1g L2 7 Slb, 1\, Layer 2/3 Copper Firmware, Virtual Fabric 10gb, En2092 1gb Firmware, Fabric Cn4093 10gb Firmware, Fabric En4093/en4093r 10gb Firmware, G8052 Firmware, G8124 Firmware, G8124e Firmware, G8264 Firmware, G8264cs Firmware, G8264t Firmware, G8316 Firmware, G8332 Firmware · Lenovo: Fabric Cn4093 10gb Firmware, Fabric En4093r 10gb Firmware, Si4091 Firmware, G8052 Firmware, G8124e Firmware, G8264 Firmware, G8264cs Firmware, G8272 Firmware, G8296 Firmware, G8332 Firmware

Ibm

15 products

1g L2 7 Slb

Layer 2/3 Copper Firmware

Virtual Fabric 10gb

En2092 1gb Firmware

Fabric Cn4093 10gb Firmware

Fabric En4093/en4093r 10gb Firmware

10 products

Fabric Cn4093 10gb Firmware

Fabric En4093r 10gb Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm 1g L2 7 Slb	Up to 21.0.24.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Ibm 1\	Up to 7.4.16.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Layer 2/3 Copper Firmware	Up to 5.3.10.0

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Virtual Fabric 10gb	Up to 7.8.12.0

Running on/with	Platform Versions
Ibm Bladecenter	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Ibm En2092 1gb Firmware	Up to 7.8.16.0

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Fabric Cn4093 10gb Firmware	Up to 7.8.16.0

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Fabric En4093/en4093r 10gb Firmware	Up to 7.8.16.0

Running on/with	Platform Versions
Ibm Flex System	All versions

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Ibm G8052 Firmware	Up to 7.9.19.0

Configuration I

1 vulnerable

Vulnerable Software	Affected Versions
Ibm G8124 Firmware	Up to 7.11.9.0

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Ibm G8124e Firmware	Up to 7.11.9.0

Configuration K

1 vulnerable

Vulnerable Software	Affected Versions
Ibm G8264 Firmware	Up to 7.9.19.0

Configuration L

1 vulnerable

Vulnerable Software	Affected Versions
Ibm G8264cs Firmware	Up to 7.8.16.0

Configuration M

1 vulnerable

Vulnerable Software	Affected Versions
Ibm G8264t Firmware	Up to 7.9.19.0

Configuration N

1 vulnerable

Vulnerable Software	Affected Versions
Ibm G8316 Firmware	Up to 7.9.19.0

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm G8332 Firmware	Up to 7.7.25.0

Running on/with	Platform Versions
Ibm Rackswitch	All versions

Configuration P

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Fabric Cn4093 10gb Firmware	Up to 8.4.3.0

Configuration Q

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Fabric En4093r 10gb Firmware	Up to 8.4.3.0

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Si4091 Firmware	Up to 8.4.3.0

Running on/with	Platform Versions
Lenovo Flex System	All versions

Configuration S

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo G8052 Firmware	Up to 8.4.3.0

Configuration T

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo G8124e Firmware	Up to 8.4.3.0

Configuration U

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo G8264 Firmware	Up to 8.4.3.0

Configuration V

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo G8264cs Firmware	Up to 8.4.3.0

Configuration W

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo G8272 Firmware	Up to 8.4.3.0

Configuration X

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo G8296 Firmware	Up to 8.4.3.0

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo G8332 Firmware	Up to 8.4.3.0

Running on/with	Platform Versions
Lenovo Rackswitch	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/99995

Source: psirt@lenovo.com

Third Party AdvisoryVDB Entry

https://support.lenovo.com/us/en/product_security/LEN-14078

Source: psirt@lenovo.com

Vendor Advisory

http://www.securityfocus.com/bid/99995

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.lenovo.com/us/en/product_security/LEN-14078

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.