Backdoor in Lenovo network switches

January 15, 2018

During a Lenovo audit, the company's engineers discovered a backdoor in ENOS (Enterprise Network Operating System), which runs on Lenovo and IBM RackSwitch and BladeCenter switches.

The identified vulnerability is the well-known “Backdoor-HP” (an authentication bypass); it applies to management via Telnet, the console (serial port) and SSH. The company says that the backdoor was added in 2004, when ENOS was owned by Nortel, at the request of BSSBU OEM.

Mitigations recommended by the manufacturer:

  • System update – Lenovo has already released updates even for older IBM-type switches,
  • Enable LDAP, RADIUS, TACACS+,
  • Disable Telnet,
  • Limit physical access to the Console.

Source: https://support.lenovo.com/pl/pl/product_security/len-16095


Published by: Piotr Mierzwiński
