HP Backdoor: Authentication Bypass Vulnerability in Lenovo and IBM RackSwitch and BladeCenter Products

HP Backdoor: Authentication Bypass Vulnerability in Lenovo and IBM RackSwitch and BladeCenter Products

CVE-2017-3765 · MEDIUM Severity

AV:L/AC:H/AU:N/C:C/I:C/A:C

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

Learn more about our Cis Benchmark Audit For Ibm I.