CVE-2017-3752

HIGH

IBM and Lenovo Fabric Firmware - OSPF Routing Table Manipulation via Improper Input Validation

Title source: llm

Description

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://support.lenovo.com/us/en/product_security/LEN-14078

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99995

Scores

CVSS v3 8.2

EPSS 0.0015

EPSS Percentile 34.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

Details

CWE

CWE-20

Status published

Products (26)

ibm/1\ < 7.4.16.0

ibm/1g_l2-7_slb < 21.0.24.0

ibm/en2092_1gb_firmware < 7.8.16.0

ibm/fabric_cn4093_10gb_firmware < 7.8.16.0

ibm/fabric_en4093\/en4093r_10gb_firmware < 7.8.16.0

ibm/g8052_firmware < 7.9.19.0

ibm/g8124_firmware < 7.11.9.0

ibm/g8124e_firmware < 7.11.9.0

ibm/g8264_firmware < 7.9.19.0

ibm/g8264cs_firmware < 7.8.16.0

... and 16 more

Published Aug 09, 2017

Tracked Since Feb 18, 2026