多款Lenovo和IBM Networking Switches内存破坏漏洞

CVE编号

CVE-2017-3752

利用情况

暂无

补丁情况

N/A

披露时间

2017-08-10
漏洞描述
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 ibm 1 10g_firmware Up to
(including)
7.4.16.0
运行在以下环境
系统 ibm 1g_l2-7_slb * Up to
(including)
21.0.24.0
运行在以下环境
系统 ibm en2092_1gb_firmware * Up to
(including)
7.8.16.0
运行在以下环境
系统 ibm fabric_cn4093_10gb_firmware * Up to
(including)
7.8.16.0
运行在以下环境
系统 ibm fabric_en4093/en4093r_10gb_firmware * Up to
(including)
7.8.16.0
运行在以下环境
系统 ibm g8052_firmware * Up to
(including)
7.9.19.0
运行在以下环境
系统 ibm g8124e_firmware * Up to
(including)
7.11.9.0
运行在以下环境
系统 ibm g8124_firmware * Up to
(including)
7.11.9.0
运行在以下环境
系统 ibm g8264cs_firmware * Up to
(including)
7.8.16.0
运行在以下环境
系统 ibm g8264t_firmware * Up to
(including)
7.9.19.0
运行在以下环境
系统 ibm g8264_firmware * Up to
(including)
7.9.19.0
运行在以下环境
系统 ibm g8316_firmware * Up to
(including)
7.9.19.0
运行在以下环境
系统 ibm g8332_firmware * Up to
(including)
7.7.25.0
运行在以下环境
系统 ibm layer_2/3_copper_firmware * Up to
(including)
5.3.10.0
运行在以下环境
系统 ibm virtual_fabric_10gb * Up to
(including)
7.8.12.0
运行在以下环境
系统 lenovo fabric_cn4093_10gb_firmware * Up to
(including)
8.4.3.0
运行在以下环境
系统 lenovo fabric_en4093r_10gb_firmware * Up to
(including)
8.4.3.0
运行在以下环境
系统 lenovo g8052_firmware * Up to
(including)
8.4.3.0
运行在以下环境
系统 lenovo g8124e_firmware * Up to
(including)
8.4.3.0
运行在以下环境
系统 lenovo g8264cs_firmware * Up to
(including)
8.4.3.0
运行在以下环境
系统 lenovo g8264_firmware * Up to
(including)
8.4.3.0
运行在以下环境
系统 lenovo g8272_firmware * Up to
(including)
8.4.3.0
运行在以下环境
系统 lenovo g8296_firmware * Up to
(including)
8.4.3.0
运行在以下环境
系统 lenovo g8332_firmware * Up to
(including)
8.4.3.0
运行在以下环境
系统 lenovo si4091_firmware * Up to
(including)
8.4.3.0
运行在以下环境
硬件 ibm bladecenter - -
运行在以下环境
硬件 ibm flex_system - -
运行在以下环境
硬件 ibm rackswitch - -
运行在以下环境
硬件 lenovo flex_system - -
运行在以下环境
硬件 lenovo rackswitch - -
CVSS3评分
8.2
  • 攻击路径
    相邻
  • 攻击复杂度
  • 权限要求
  • 影响范围
    已更改
  • 用户交互
  • 可用性
  • 保密性
  • 完整性
CWE-ID 漏洞类型
CWE-20 输入验证不恰当
阿里云安全产品覆盖情况