Lenovo researchers have found a backdoor in the firmware of RackSwitch and BladeCenter networking switches. They found the backdoor after an internal security examination of the firmware. The Chinese company has provided relevant source code to a third-party security partner to enable independent investigation of the mechanism.
The backdoor was appended to ENOS (Enterprise Network Operating System) in 2004 when ENOS was maintained by Nortel’s Blade Server Switch Business Unit (BSSBU).
“ENOS, or Enterprise Network Operating System, is the firmware that powers some Lenovo and IBM RackSwitch and BladeCenter switches. An authentication bypass mechanism known as “HP Backdoor” was discovered during a Lenovo security audit in the Telnet and Serial Console management interfaces, as well as the SSH and Web management interfaces under certain limited and unlikely conditions. “
This issue (tracked under the CVE-2017-3765 identifier) could allow hackers to obtain access to the switch management interface, allowing settings modifications that could result in revealing traffic passing through the switch, subtle malfunctions in the attached infrastructure, and partial or full denial of service (DoS).
The company is not aware of this mechanism being exploited, but they assume that its existence is known, and users are recommended to upgrade the firmware to fix this issue.