Details of VAR-201708-0553

ID

VAR-201708-0553

CVE

CVE-2017-3752

TITLE

Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency

Trust: 0.8

sources: CERT/CC: VU#793496

DESCRIPTION

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain. Part of Lenovo and IBM Switch Open Shortest Path First (OSPF) Routing protocol implementations have input validation vulnerabilities and data integrity validation vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LenovoFlexSystemFabricCN409310GbConvergedScalableSwitch, etc. are all switch devices of China Lenovo. IBM1GL2-7SLBswitchforBladecenter and so on are all IBM IBM switch devices. A number of security vulnerabilities exist in OpenShortestPathFirst (OSPF) routingprotocol implementations in Lenovo and IBM NetworkingSwitches. An attacker could use this vulnerability to delete and change routing tables. Lenovo and IBM Networking Switches are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks

Trust: 3.24

sources: NVD: CVE-2017-3752 // CERT/CC: VU#793496 // JVNDB: JVNDB-2017-007384 // CNVD: CNVD-2017-29253 // BID: 99995 // VULHUB: VHN-111955

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-29253

AFFECTED PRODUCTS

vendor:	ibm	model:	fabric en4093\/en4093r 10gb	scope:	lte	version:	7.8.16.0	Trust: 1.0
vendor:	lenovo	model:	g8332	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	ibm	model:	virtual fabric 10gb	scope:	lte	version:	7.8.12.0	Trust: 1.0
vendor:	ibm	model:	1g l2-7 slb	scope:	lte	version:	21.0.24.0	Trust: 1.0
vendor:	ibm	model:	g8332	scope:	lte	version:	7.7.25.0	Trust: 1.0
vendor:	lenovo	model:	fabric cn4093 10gb	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	ibm	model:	g8264	scope:	lte	version:	7.9.19.0	Trust: 1.0
vendor:	ibm	model:	g8264cs	scope:	lte	version:	7.8.16.0	Trust: 1.0
vendor:	ibm	model:	g8264t	scope:	lte	version:	7.9.19.0	Trust: 1.0
vendor:	lenovo	model:	si4091	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	ibm	model:	g8052	scope:	lte	version:	7.9.19.0	Trust: 1.0
vendor:	lenovo	model:	g8052	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	ibm	model:	g8124	scope:	lte	version:	7.11.9.0	Trust: 1.0
vendor:	lenovo	model:	g8124e	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	ibm	model:	layer 2\/3 copper	scope:	lte	version:	5.3.10.0	Trust: 1.0
vendor:	ibm	model:	1\:10g	scope:	lte	version:	7.4.16.0	Trust: 1.0
vendor:	ibm	model:	en2092 1gb	scope:	lte	version:	7.8.16.0	Trust: 1.0
vendor:	lenovo	model:	fabric en4093r 10gb	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	ibm	model:	fabric cn4093 10gb	scope:	lte	version:	7.8.16.0	Trust: 1.0
vendor:	lenovo	model:	g8272	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	ibm	model:	g8316	scope:	lte	version:	7.9.19.0	Trust: 1.0
vendor:	lenovo	model:	g8264cs	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	lenovo	model:	g8296	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	ibm	model:	g8124e	scope:	lte	version:	7.11.9.0	Trust: 1.0
vendor:	lenovo	model:	g8264	scope:	lte	version:	8.4.3.0	Trust: 1.0
vendor:	lenovo	model:	rackswitch g8332	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	lenovo	model:	rackswitch g8296	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	lenovo	model:	rackswitch g8272	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	lenovo	model:	rackswitch g8264cs	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	lenovo	model:	rackswitch g8264	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	lenovo	model:	rackswitch g8124e	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	lenovo	model:	rackswitch g8052	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	lenovo	model:	flex system si4091 system interconnect	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	lenovo	model:	flex system fabric en4093r 10gb scalable switch	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	lenovo	model:	flex system fabric cn4093 10gb converged scalable switch	scope:	eq	version:	8.4.4.0	Trust: 0.9
vendor:	ibm	model:	rackswitch g8332	scope:	eq	version:	7.7.26.0	Trust: 0.9
vendor:	ibm	model:	rackswitch g8316	scope:	eq	version:	7.9.20.0	Trust: 0.9
vendor:	ibm	model:	rackswitch g8264t	scope:	eq	version:	7.9.20.0	Trust: 0.9
vendor:	ibm	model:	rackswitch g8264cs	scope:	eq	version:	7.8.17.0	Trust: 0.9
vendor:	ibm	model:	rackswitch g8052	scope:	eq	version:	7.9.20.0	Trust: 0.9
vendor:	ibm	model:	1g l2-7 slb switch for bladecenter	scope:	eq	version:	21.25	Trust: 0.9
vendor:	ibm	model:	bladecenter 1:10g uplink ethernet switch	scope:	eq	version:	7.4.17.0	Trust: 0.9
vendor:	ibm	model:	bladecenter layer copper ethernet switch	scope:	eq	version:	2/33.11	Trust: 0.9
vendor:	ibm	model:	flex system en2092 1gb ethernet scalable switch	scope:	eq	version:	7.8.17.0	Trust: 0.9
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	quagga	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	suse linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	opensuse	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	1g l2-7 slb switch for bladecenter	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	bladecenter 1/10g uplink ethernet switch module	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	bladecenter layer 2/3 copper ethernet switch module	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system en2092 1gb ethernet scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system fabric cn4093 10gb converged scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system fabric en4093 10gb scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system fabric en4093r 10gb scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8052	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124e	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8124er	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8264	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8264cs	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8264t	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8316	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	system networking rackswitch g8332	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	virtual fabric 10gb switch module for ibm bladecenter	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	flex system fabric cn4093 10gb converged scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	flex system fabric en4093r 10gb scalable switch	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	flex system si4091 system interconnect module	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	rackswitch g8052	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	rackswitch g8124e	scope:	eq	version:	(thinkagile cx2200)	Trust: 0.8
vendor:	lenovo	model:	rackswitch g8264	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	rackswitch g8264cs	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	rackswitch g8272	scope:	eq	version:	(thinkagile cx4200/cx4600)	Trust: 0.8
vendor:	lenovo	model:	rackswitch g8296	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	rackswitch g8332	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	univerge ip8800	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	flex system\303\242?\302\242 fabric cn4093 10gb converged scalable switch	scope:	eq	version:	7.8.17.0	Trust: 0.6
vendor:	ibm	model:	flex system\303\242?\302\242 fabric en4093/en4093r 10gb scalable switch	scope:	eq	version:	7.8.17.0	Trust: 0.6
vendor:	lenovo	model:	g8052	scope:	eq	version:	8.4.3.0	Trust: 0.6
vendor:	lenovo	model:	g8332	scope:	eq	version:	8.4.3.0	Trust: 0.6
vendor:	lenovo	model:	g8272	scope:	eq	version:	8.4.3.0	Trust: 0.6
vendor:	lenovo	model:	g8296	scope:	eq	version:	8.4.3.0	Trust: 0.6
vendor:	lenovo	model:	g8264	scope:	eq	version:	8.4.3.0	Trust: 0.6
vendor:	lenovo	model:	fabric cn4093 10gb	scope:	eq	version:	8.4.3.0	Trust: 0.6
vendor:	lenovo	model:	si4091	scope:	eq	version:	8.4.3.0	Trust: 0.6
vendor:	lenovo	model:	g8124e	scope:	eq	version:	8.4.3.0	Trust: 0.6
vendor:	lenovo	model:	fabric en4093r 10gb	scope:	eq	version:	8.4.3.0	Trust: 0.6
vendor:	ibm	model:	flex system? fabric en4093/en4093r 10gb scalable switch	scope:	eq	version:	7.8.17.0	Trust: 0.3
vendor:	ibm	model:	flex system? fabric cn4093 10gb converged scalable switch	scope:	eq	version:	7.8.17.0	Trust: 0.3

sources: CERT/CC: VU#793496 // CNVD: CNVD-2017-29253 // BID: 99995 // JVNDB: JVNDB-2017-007384 // CNNVD: CNNVD-201707-1518 // NVD: CVE-2017-3752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3752
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3752
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-29253
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201707-1518
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-111955
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3752
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:A/AC:M/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-29253
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:A/AC:M/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-111955
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:A/AC:M/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3752
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-29253 // VULHUB: VHN-111955 // JVNDB: JVNDB-2017-007384 // CNNVD: CNNVD-201707-1518 // NVD: CVE-2017-3752

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-354	Trust: 0.8

sources: VULHUB: VHN-111955 // JVNDB: JVNDB-2017-007384 // NVD: CVE-2017-3752

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201707-1518

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201707-1518

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007384

PATCH

title:	NV17-022	url:	http://jpn.nec.com/security-info/secinfo/nv17-022.html	Trust: 0.8
title:	LEN-14078	url:	https://support.lenovo.com/us/en/product_security/LEN-14078	Trust: 0.8
title:	A variety of patches for Lenovo and IBM NetworkingSwitches security bypass vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/102597	Trust: 0.6
title:	Multiple Lenovo and IBM Networking Switches Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73845	Trust: 0.6

sources: CNVD: CNVD-2017-29253 // JVNDB: JVNDB-2017-007384 // CNNVD: CNNVD-201707-1518

EXTERNAL IDS

db:	LENOVO	id:	LEN-14078	Trust: 3.4
db:	NVD	id:	CVE-2017-3752	Trust: 3.4
db:	BID	id:	99995	Trust: 2.6
db:	CERT/CC	id:	VU#793496	Trust: 1.9
db:	JVN	id:	JVNVU93329670	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-007384	Trust: 0.8
db:	CNVD	id:	CNVD-2017-29253	Trust: 0.6
db:	CNNVD	id:	CNNVD-201707-1518	Trust: 0.6
db:	VULHUB	id:	VHN-111955	Trust: 0.1

sources: CERT/CC: VU#793496 // CNVD: CNVD-2017-29253 // VULHUB: VHN-111955 // BID: 99995 // JVNDB: JVNDB-2017-007384 // CNNVD: CNNVD-201707-1518 // NVD: CVE-2017-3752

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-14078	Trust: 2.8
url:	http://www.securityfocus.com/bid/99995	Trust: 1.7
url:	https://www.kb.cert.org/vuls/id/793496	Trust: 1.1
url:	https://cwe.mitre.org/data/definitions/354.html	Trust: 0.8
url:	https://en.wikipedia.org/wiki/open_shortest_path_first	Trust: 0.8
url:	https://www.ietf.org/rfc/rfc2328.txt	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170727-ospf	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3752	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93329670/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3752	Trust: 0.8
url:	https://tools.ietf.org/html/rfc2328	Trust: 0.8
url:	https://support.lenovo.com/us/zh/product_security/len-14078	Trust: 0.6
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www.lenovo.com/ca/en/	Trust: 0.3

sources: CERT/CC: VU#793496 // CNVD: CNVD-2017-29253 // VULHUB: VHN-111955 // BID: 99995 // JVNDB: JVNDB-2017-007384 // CNNVD: CNNVD-201707-1518 // NVD: CVE-2017-3752

CREDITS

Adi Sosnovich, Orna Grumberg, and Gabi Nakibly.

Trust: 0.9

sources: BID: 99995 // CNNVD: CNNVD-201707-1518

SOURCES

db:	CERT/CC	id:	VU#793496
db:	CNVD	id:	CNVD-2017-29253
db:	VULHUB	id:	VHN-111955
db:	BID	id:	99995
db:	JVNDB	id:	JVNDB-2017-007384
db:	CNNVD	id:	CNNVD-201707-1518
db:	NVD	id:	CVE-2017-3752

LAST UPDATE DATE

2024-11-23T22:00:54.446000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#793496	date:	2017-10-18T00:00:00
db:	CNVD	id:	CNVD-2017-29253	date:	2019-05-17T00:00:00
db:	VULHUB	id:	VHN-111955	date:	2017-08-30T00:00:00
db:	BID	id:	99995	date:	2017-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-007384	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201707-1518	date:	2017-08-28T00:00:00
db:	NVD	id:	CVE-2017-3752	date:	2024-11-21T03:26:04.163

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#793496	date:	2017-07-27T00:00:00
db:	CNVD	id:	CNVD-2017-29253	date:	2017-09-21T00:00:00
db:	VULHUB	id:	VHN-111955	date:	2017-08-09T00:00:00
db:	BID	id:	99995	date:	2017-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-007384	date:	2017-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201707-1518	date:	2017-07-27T00:00:00
db:	NVD	id:	CVE-2017-3752	date:	2017-08-09T21:29:01.600