Monday, January 29, 2018

Lenovo's Long Hardware Vulnerability

During a security audit of Lenovo's Enterprise Network Operating System (ENOS), the audit team discovered a vulnerability dating all the way back to 2004. The vulnerability allows attackers to use a mechanism called "HP Backdoor" to bypass authentication and gain administrator-level access to the network device. The vulnerability was introduced in a firmware update when the ENOS technology was owned by Nortel Networks, which sold it to IBM in 2010; IBM then sold it to Lenovo in 2014. Lenovo investigated the circumstances surrounding the firmware update and discovered that the bypass function was intentionally added in 2004 by Nortel at the request of its OEM customer. Lenovo removed the vulnerability from the source code and released updated firmware for all the affected products.
