CVE-2017-3752

Published Aug 9, 2017
Last updated 7 years ago
CVSS high 8.2
Overview

Description: An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
Source: psirt@lenovo.com
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 8.2
Impact score: 6
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 4.9
Exploitability score: 5.5
Vector string: AV:A/AC:M/Au:N/C:N/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-20
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:1g_l2-7_slb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C373989-F05A-495C-9099-3475B4B49DD7",
            "versionEndIncluding": "21.0.24.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:1\\:10g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5957C6B8-870E-487F-B003-C751847B4179",
            "versionEndIncluding": "7.4.16.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:layer_2\\/3_copper_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "851856BA-623E-4030-B53A-B276CB3551F2",
            "versionEndIncluding": "5.3.10.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:bladecenter:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "138E5BA5-72E6-4ADE-BBC7-C61274062FC2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:virtual_fabric_10gb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6147AD83-A935-4228-B4F5-B9F44C142DCA",
            "versionEndIncluding": "7.8.12.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:en2092_1gb_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "090ECD7A-C62C-4C8F-B7A0-EBD085FC113E",
            "versionEndIncluding": "7.8.16.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBB91913-36E2-4CCD-8F06-9559686354E1",
            "versionEndIncluding": "7.8.16.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:flex_system:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7E8D1286-5D11-4F31-AF77-BBB37B66897A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:fabric_en4093\\/en4093r_10gb_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4BFB21C-2618-4C36-8100-D0AD973DEED9",
            "versionEndIncluding": "7.8.16.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:g8052_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C523570-23D7-4D7C-BD7B-3F88792D691A",
            "versionEndIncluding": "7.9.19.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:g8124_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C619041-574D-4F20-B6E2-20C8DF0C48DD",
            "versionEndIncluding": "7.11.9.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:g8124e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70B625F3-7530-4704-8D34-4AE0CB6017F0",
            "versionEndIncluding": "7.11.9.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:g8264_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C0230A2-652F-4979-843F-F386B27ED200",
            "versionEndIncluding": "7.9.19.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:g8264cs_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32E2E71B-3CEF-427A-B383-3E91F889FFDA",
            "versionEndIncluding": "7.8.16.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:g8264t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52078020-A91C-4C90-816D-D035324A59C4",
            "versionEndIncluding": "7.9.19.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:g8316_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C53AF1F2-C22A-46AE-A0EB-B78715F800BA",
            "versionEndIncluding": "7.9.19.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:g8332_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76BE4F68-3093-4104-8848-087971C350EC",
            "versionEndIncluding": "7.7.25.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F582ABF9-86DE-4300-9635-A004BA40B048"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:fabric_cn4093_10gb_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6AE62EB-61FC-4FBC-886E-956F18D3ABFB",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:fabric_en4093r_10gb_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA0F8CD7-B875-47DB-AE77-DEF269321627",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:si4091_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD2F5AE9-9942-4D9B-B7C1-3A821F9473C2",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:flex_system:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB0DBD6A-3583-4319-A0E7-A3DBAED3588A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:g8052_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73DD6C3A-3447-4538-9671-2B2075DAC741",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:g8124e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A70DD7D3-405F-4BC6-BEF7-1827AE29AEF5",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:g8264_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "639A4EA4-DFA9-4A7A-B22E-23C150DD2E8B",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:g8264cs_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFA4508C-4DDE-4E84-826F-9C3AA475A34C",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:g8272_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37008C3A-0DE7-40A8-A945-AB7FD92A6395",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:g8296_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E93F011-AA73-40B0-A3BC-BAD75BB6B627",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:g8332_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7607ACCB-235B-4116-BE00-39911040EAE1",
            "versionEndIncluding": "8.4.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:rackswitch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FF9188F-E06E-47B4-9868-A7295B7B6E8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
