CVE-2017-3752
moderate-risk
Published 2017-08-09
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
Do I need to act?
0.15% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.2/10 (High)
ADJACENT_NETWORK / HIGH complexity
Affected Products (20)
1G L2-7 Slb
1\
Layer 2/3 Copper Firmware
En2092 1Gb Firmware
G8124 Firmware
G8264 Firmware
G8264T Firmware
G8316 Firmware
G8332 Firmware
Fabric Cn4093 10Gb Firmware
G8052 Firmware
G8264Cs Firmware
G8296 Firmware
Virtual Fabric 10Gb
Fabric Cn4093 10Gb Firmware
Fabric En4093/En4093R 10Gb Firmware
G8052 Firmware
G8124E Firmware
G8264Cs Firmware
Fabric En4093R 10Gb Firmware
References (2)
Third Party Advisory
http://www.securityfocus.com/bid/99995
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-14078
43 / 100, moderate-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
21/34 · High