HackRead

Lenovo removes backdoor present in networking switches since 2004

January 13th, 2018 | Waqas | Malware, Security

Engineers at Chinese firm Lenovo have identified a backdoor in the firmware of the company's RackSwitch and BladeCenter networking switches. The company stated that the backdoor, referred to in its security advisory (CVE-2017-3765) as the “HP backdoor,” was discovered during an internal security audit of the firmware for all products that joined its portfolio through acquisitions of other firms. The backdoor affects the Enterprise Network Operating System (ENOS) that runs on the above-mentioned networking switches.

Reportedly, ENOS received the backdoor in 2004, when it was maintained by Nortel’s Blade Server Switch Business Unit (BSSBU). Understandably, Lenovo is claiming that Nortel must have authorized the addition of the backdoor at the request of a “BSSBU OEM customer.” The backdoor code seems to have remained hidden in the firmware after Nortel spun off the BSSBU as BLADE Network Technologies (BNT) in 2006, and even after IBM acquired BNT in 2010. Lenovo bought the BNT portfolio from IBM in 2014.

Lenovo has released updates for both networking switches and has stated that it never allows mechanisms to exist that can bypass authentication or authorization, or that do not follow Lenovo's product security practices.

“Lenovo has removed this mechanism from the ENOS source code and has released updated firmware for affected products,” explained Lenovo in its security advisory.

Researchers at Lenovo claim that the HP backdoor is difficult to exploit because it requires strict conditions to be met, given that the backdoor isn’t a hidden account but merely an authentication bypass method.

The above-mentioned switches support a variety of methods, including Telnet, SSH, a serial console and a web-based interface. Exploitation of the backdoor is possible only when affected switches have certain authentication methods and security features turned on or off.

Updates for Lenovo but also IBM switches

The backdoor wasn’t identified in the Cloud Network Operating System (CNOS); hence, switches that run on CNOS are safe. Updates are available both for new switches that bear the Lenovo brand name and for older IBM-branded switches, as these still run on ENOS. Lenovo’s security advisory also features a list of the switches that have been updated, as well as download links to the firmware.

Source: Lenovo, H/T: BleepingComputer, Top, featured image via DepositPhotos/BeeBright
