The back door was implanted in 2004
Lenovo said the back door only affects RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System).
This back door was added to ENOS in 2004, when ENOS was maintained by Nortel Networks' Blade Server Switch Business Unit (BSSBU). Lenovo said Nortel Networks appears to have authorized the addition of the back door at the request of "BSSBU OEM customers". In its security advisory on this issue, Lenovo also refers to the back door as the "HP backdoor."
In 2006, Nortel Networks closed the BSSBU business unit, which became BLADE Network Technologies (BNT), but the back door code appears to have been retained in the firmware.
Even after IBM acquired BNT in 2010, the back door remained in the code. In 2014, Lenovo acquired IBM's BNT product portfolio.
Updates released for Lenovo and IBM switches
"There is a mechanism that bypasses authentication or authorization and is unacceptable to Lenovo and does not comply with Lenovo product safety or industry practices. Lenovo has removed the backdoor from the ENOS source code and released firmware updates for the affected products."
Firmware updates are available for newer Lenovo-branded switches as well as for older IBM-branded ENOS switches that are still in circulation and operating in the market. Lenovo's security bulletin also provides a list of the switch products that have firmware updates, along with download links for those updates.
Lenovo also said no back doors were found in CNOS (Cloud Network Operating System), so switches running that operating system are secure.
The back door is hard to exploit
In fact, the back door, called "HP backdoor," is not a hidden account but a bypass of the authorization mechanism, and it can be used only under very strict conditions.
RackSwitch and BladeCenter switches support a variety of authentication methods over SSH, Telnet, the web interface and the serial console. An attacker can use this back door to bypass authentication when the affected switch has various authentication mechanisms enabled, or when certain security features are turned on or off. Customers who cannot apply the firmware update immediately can take mitigations that prevent the back door from being triggered.
The vulnerability is tracked as CVE-2017-3765; follow-up developments will be tracked under this number.