ENOS (Enterprise Network Operating System)

2018: Detection of a backdoor

In January, 2018 the Lenovo company announced existence of a backdoor in the ENOS operating system (Enterprise Network Operating System) which is used in some models of switches of Lenovo and IBM.

The problem with prisovenny identifier CVE-2017-3765 detected in the Flex System Fabric, RackSwitch and BladeCenter switches appeared in 2004 when the division of Blade Server Switch Business Unit (BSSBU) of the Canadian company Nortel was engaged in support of ENOS. As reported in Lenovo, Nortel approved implementation of a backdoor "at the request of the client of BSSBU". The backdoor is mentioned in the notification of security of Lenovo as "HP backdoor".

Announced Lenovo a backdoor in the switches and devices of IBM

The backdoor which existence was confirmed by Lenovo allowed to get access to a control interface of the switch with the administrator's rights, using the predetermined credentials unique for each switch. The error could use at an input through ssh, telnet, a serial port or the web interface, in case of accomplishment of certain conditions in combination with a combination from local authentication and authentication through RADIUS or TACACS+. Details about a method of activation of this backdoor are not disclosed.

Using this vulnerability in a switching equipment of IBM and Lenovo, hackers could change settings, including include mirroring and the analysis of traffic, or to break normal work of IT infrastructure of the company. By January, 2018 Lenovo eliminated this backdoor.

Presence of the mechanisms allowing to bypass authentication or authorization is inadmissible for Lenovo and will not be approved with the policy of Lenovo concerning security of products and industrial practice. Lenovo deleted this mechanism from the source code ENOS and released the updated firmware for the mentioned products, said in the statement of the Chinese producer.[1]

Notes