8.2

CVE-2017-3752

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

Data is provided by the National Vulnerability Database (NVD)
Ibm1g L2-7 Slb Version <= 21.0.24.0
   IbmFlex System Version-
IbmVirtual Fabric 10gb Version <= 7.8.12.0
   IbmBladecenter Version-
IbmEn2092 1gb Firmware Version <= 7.8.16.0
   IbmFlex System Version-
IbmFabric Cn4093 10gb Firmware Version <= 7.8.16.0
   IbmFlex System Version-
IbmG8052 Firmware Version <= 7.9.19.0
   IbmRackswitch Version-
IbmG8124 Firmware Version <= 7.11.9.0
   IbmRackswitch Version-
IbmG8124e Firmware Version <= 7.11.9.0
   IbmRackswitch Version-
IbmG8264 Firmware Version <= 7.9.19.0
   IbmRackswitch Version-
IbmG8264cs Firmware Version <= 7.8.16.0
   IbmRackswitch Version-
IbmG8264t Firmware Version <= 7.9.19.0
   IbmRackswitch Version-
IbmG8316 Firmware Version <= 7.9.19.0
   IbmRackswitch Version-
IbmG8332 Firmware Version <= 7.7.25.0
   IbmRackswitch Version-
LenovoFabric Cn4093 10gb Firmware Version <= 8.4.3.0
   LenovoFlex System Version-
LenovoFabric En4093r 10gb Firmware Version <= 8.4.3.0
   LenovoFlex System Version-
LenovoSi4091 Firmware Version <= 8.4.3.0
   LenovoFlex System Version-
LenovoG8052 Firmware Version <= 8.4.3.0
   LenovoRackswitch Version-
LenovoG8124e Firmware Version <= 8.4.3.0
   LenovoRackswitch Version-
LenovoG8264 Firmware Version <= 8.4.3.0
   LenovoRackswitch Version-
LenovoG8264cs Firmware Version <= 8.4.3.0
   LenovoRackswitch Version-
LenovoG8272 Firmware Version <= 8.4.3.0
   LenovoRackswitch Version-
LenovoG8296 Firmware Version <= 8.4.3.0
   LenovoRackswitch Version-
LenovoG8332 Firmware Version <= 8.4.3.0
   LenovoRackswitch Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.15% 0.315
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.2 1.6 6
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
nvd@nist.gov 4.3 5.5 4.9
AV:A/AC:M/Au:N/C:N/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.