CVE-2017-3752

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
lenovoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
ibm1g_l2-7_slb
𝑥
≤ 21.0.24.0
ibm1\
𝑥
≤ 7.4.16.0
ibmlayer_2\/3_copper_firmware
𝑥
≤ 5.3.10.0
ibmvirtual_fabric_10gb
𝑥
≤ 7.8.12.0
ibmen2092_1gb_firmware
𝑥
≤ 7.8.16.0
ibmfabric_cn4093_10gb_firmware
𝑥
≤ 7.8.16.0
ibmfabric_en4093\/en4093r_10gb_firmware
𝑥
≤ 7.8.16.0
ibmg8052_firmware
𝑥
≤ 7.9.19.0
ibmg8124_firmware
𝑥
≤ 7.11.9.0
ibmg8124e_firmware
𝑥
≤ 7.11.9.0
ibmg8264_firmware
𝑥
≤ 7.9.19.0
ibmg8264cs_firmware
𝑥
≤ 7.8.16.0
ibmg8264t_firmware
𝑥
≤ 7.9.19.0
ibmg8316_firmware
𝑥
≤ 7.9.19.0
ibmg8332_firmware
𝑥
≤ 7.7.25.0
lenovofabric_cn4093_10gb_firmware
𝑥
≤ 8.4.3.0
lenovofabric_en4093r_10gb_firmware
𝑥
≤ 8.4.3.0
lenovosi4091_firmware
𝑥
≤ 8.4.3.0
lenovog8052_firmware
𝑥
≤ 8.4.3.0
lenovog8124e_firmware
𝑥
≤ 8.4.3.0
lenovog8264_firmware
𝑥
≤ 8.4.3.0
lenovog8264cs_firmware
𝑥
≤ 8.4.3.0
lenovog8272_firmware
𝑥
≤ 8.4.3.0
lenovog8296_firmware
𝑥
≤ 8.4.3.0
lenovog8332_firmware
𝑥
≤ 8.4.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99995
https://support.lenovo.com/us/en/product_security/LEN-14078
http://www.securityfocus.com/bid/99995
https://support.lenovo.com/us/en/product_security/LEN-14078