Warning: file_put_contents(/srv/users/serverpilot/apps/bitupdateus/public/wp-content/plugins/bulk-post-0.4-1/cache/sessions//E40ONSMtoI3g345ZgCe8wJIDEuByicFyaYCVddlY): failed to open stream: No space left on device in /srv/users/serverpilot/apps/bitupdateus/public/wp-content/plugins/stupidpie-1.8.3-1/vendor/illuminate/filesystem/Filesystem.php on line 122
  Lenovo finds backdoor in its own network switches | Bit Updates
Home » bitcoin updates » Lenovo finds backdoor in its own network switches

Lenovo finds backdoor in its own network switches

Saturday, January 13th, 2018 | bitcoin updates

          
    
    
    
             The compromised switch models, which now belong to Lenovo's portfolio, had originally been developed by the long-neglected network supplier Nortel.
            

        

        Chinese company Lenovo reports that it has found undocumented access to its RackSwitch and BladeCenter enterprise switches. The backdoor is in corporate networks with the ENOS operating system (Enterprise Network Operating System) and was noticed in an internal security control. The backdoor allowed unauthenticated and unauthorized access to the switches.
According to Lenovo, the secret access was already set in 2004, at a time when ENOS was still part of the Blade Server Switch Business Unit (BSSBU) of the former network equipment supplier Nortel. The backdoor had demanded a Nortel OEM customer. In Lenovo's Security Advisory she is referred to as "HP backdoor". It apparently also went undetected when Nortel's Switch division was spun off into Blade Network Technologies (BNT) in 2006 and went to IBM in 2010 under the name BLADE. Lenovo finally took over BLADE from IBM in 2014.
BLADE had stated in 2010 that the company no longer had any products or relationships with Nortel, and that both hardware design and software were standalone BLADE products.
Updates to Lenovo but also IBM switches that bypass authentication and authorization are unacceptable to the organization and are in violation of in-house security policies, Lenovo said. The backdoor mechanism has been removed from the ENOS source code, there is now an updated firmware for the products in question.
Updates are also available for the older series, which were still sold under IBM's brand name. Lenovo has published a list of all the devices for which updates are available, as well as download links of the firmware, in its Security Advisory (CVE-2017-3765). The backdoor does not exist in the Cloud Network Operating System (CNOS). Secret access is not a hidden access but a mechanism that bypasses authentication and requires very specific conditions. Lenovo also describes details in Security Advisory.

(Dz)

      

Related

Skychain introduces MVP a

article: The Skychain ICO starts on February 26th. The team recently presented a

Citizen Participation in

The housing industry and red-red-green – from this relationship will certainly not a

Exploratory Talks in Berl

CDU, CSU, FDP and Greens have completed their first large exploratory round on

Euro on Sunday Certi-Tipp

by Emmeran Eder, Euro on Sunday The Flash Crash in early February has