Privilege escalation vulnerabilities in IBM System Networking Switch Center and Lenovo Switch Center
Privilege escalation vulnerabilities in IBM System Networking Switch Center and Lenovo Switch Center
Privilege escalation vulnerabilities in IBM System Networking Switch Center and Lenovo Switch Center
Lenovo Security Advisory:LEN-2015-074, LEN-2746
Potential Impact: Escalation of Privileges
Severity: High
Summary: Multiple vulnerabilities have been identified in the following products:
- Lenovo Switch Center
Description:
Lenovo Switch Center, previously known as IBM System Networking Switch Center before it was acquired by Lenovo as part of its purchase of the IBM x86 server business, is a utility that provides remote monitoring and management of Ethernet and converged switches from Lenovo and IBM. It is designed to simplify and centralize the management of Lenovo and IBM BladeCenter, Flex System and RackSwitch Ethernet and converged switches.
Multiple local privilege escalation vulnerabilities have been identified in these two products: Unprivileged local users may be able to run a command or code with escalated privileges on the system, unauthenticated users may be able to remotely obtain the encrypted administrator password, or the session user ID may be temporarily set to a valid ID used to log in.
Products that are still under a support contract can be upgraded to either IBM System Networking Switch Center 7.3.1.5 or Lenovo Switch Center 8.1.2.0 available from IBM Passport Advantage
Acknowledgements:
Thanks to rgod working with HP’s Zero Day Initiative.Other information and references:
CVE ID: CVE-2015-7817; CVE-2015-7818; CVE-2015-7819;CVE-2015-7820
ZDI Reference: ZDI-CAN-3008; ZDI-CAN-3009; ZDI-CAN-3010; ZDI-CAN-3011; ZDI-CAN-3012
Revision |
Date |
Description |
1.0 | 11/05/2015 | Initial release |
Your feedback helps to improve the overall experience