8.2
CVE-2017-3752
- EPSS 0.15%
- Published 09.08.2017 21:29:01
- Last modified 20.04.2025 01:37:25
- Source psirt@lenovo.com
- Teams watchlist Login
- Open Login
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ 1g L2-7 Slb Version <= 21.0.24.0
Ibm ≫ Virtual Fabric 10gb Version <= 7.8.12.0
Ibm ≫ En2092 1gb Firmware Version <= 7.8.16.0
Ibm ≫ Fabric Cn4093 10gb Firmware Version <= 7.8.16.0
Ibm ≫ G8052 Firmware Version <= 7.9.19.0
Ibm ≫ G8124 Firmware Version <= 7.11.9.0
Ibm ≫ G8124e Firmware Version <= 7.11.9.0
Ibm ≫ G8264 Firmware Version <= 7.9.19.0
Ibm ≫ G8264cs Firmware Version <= 7.8.16.0
Ibm ≫ G8264t Firmware Version <= 7.9.19.0
Ibm ≫ G8316 Firmware Version <= 7.9.19.0
Ibm ≫ G8332 Firmware Version <= 7.7.25.0
Lenovo ≫ Fabric Cn4093 10gb Firmware Version <= 8.4.3.0
Lenovo ≫ Fabric En4093r 10gb Firmware Version <= 8.4.3.0
Lenovo ≫ Si4091 Firmware Version <= 8.4.3.0
Lenovo ≫ G8052 Firmware Version <= 8.4.3.0
Lenovo ≫ G8124e Firmware Version <= 8.4.3.0
Lenovo ≫ G8264 Firmware Version <= 8.4.3.0
Lenovo ≫ G8264cs Firmware Version <= 8.4.3.0
Lenovo ≫ G8272 Firmware Version <= 8.4.3.0
Lenovo ≫ G8296 Firmware Version <= 8.4.3.0
Lenovo ≫ G8332 Firmware Version <= 8.4.3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.15% | 0.315 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.2 | 1.6 | 6 |
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
|
nvd@nist.gov | 4.3 | 5.5 | 4.9 |
AV:A/AC:M/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.