Attackers with physical access to Lenovo RackSwitches may be able to upload unsigned firmware

2016-06-27T00:00:00
ID LENOVO:PS500059-NOSID
Type lenovo
Reporter Lenovo
Modified 2016-06-27T00:00:00

Description

Lenovo Security Advisory: *LEN-7805
Potential Impact: Attackers with physical access may be able to upload unsigned firmware
Severity: Medium
*Scope of Impact: Lenovo

Summary Description:
During internal testing, Lenovo identified a vulnerability in some Lenovo RackSwitch Ethernet switches where an attacker with physical access to the USB interface may be able to bypass internal checks when the switch is running at certain firmware levels and upload unsigned firmware. In addition to a specially crafted firmware image, the attacker would also need either a valid administrative account to log in to the switch or the ability to take the switch offline by power cycling it in order to successfully exploit this vulnerability.

Mitigation Strategy for Customers (what you should do to protect yourself):
Lenovo recommends customers update to the latest version of firmware for their switch by downloading the software available at the links below. Customers unable to patch should restrict physical access to the switch and monitor for and investigate unexpected reboots of the switch.
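The mitigation above asks customers who cannot patch to monitor for and investigate unexpected reboots. The following is an added example (not Lenovo's code and not part of the advisory) of how such monitoring could be done over collected switch syslog: it flags any reboot that was not preceded by an announced maintenance window on the same host, and notes whether a firmware load followed shortly after, which is the sequence the advisory describes. The log line format, host name, message strings and time thresholds are all assumptions constructed for the example; real RackSwitch log messages will differ and the patterns must be adapted.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines in a hypothetical "<iso-timestamp> <host> <message>"
# format. These are NOT real Lenovo RackSwitch log messages.
SAMPLE_LOGS = """\
2016-06-20T02:00:10 rs-sw01 SYSTEM: maintenance window opened by admin
2016-06-20T02:05:31 rs-sw01 SYSTEM: system rebooted
2016-06-21T14:22:07 rs-sw01 SYSTEM: system rebooted
2016-06-21T14:23:00 rs-sw01 SYSTEM: firmware image loaded
2016-06-21T09:00:00 rs-sw02 SYSTEM: system rebooted
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")

# Assumed markers and thresholds (adjust to the real log vocabulary of your switches).
MAINT_MARKER = "maintenance window opened"
REBOOT_MARKER = "system rebooted"
FIRMWARE_MARKER = "firmware image loaded"
MAINT_WINDOW = timedelta(hours=1)      # reboot within this time of a marker is expected
FIRMWARE_FOLLOW = timedelta(minutes=10)  # firmware load this soon after a reboot is notable


def parse(lines):
    """Parse log text into (timestamp, host, message) tuples, skipping unparseable lines."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["host"], m["msg"]))
    # Syslog from several hosts may arrive out of order; sort by time.
    events.sort(key=lambda e: e[0])
    return events


def unexpected_reboots(lines, window=MAINT_WINDOW, follow=FIRMWARE_FOLLOW):
    """Return reboots not covered by a prior maintenance marker on the same host.

    Each finding is a dict with the reboot time, the host, and whether a
    firmware load was logged on that host within `follow` after the reboot.
    """
    events = parse(lines)
    last_maint = {}
    findings = []
    for i, (ts, host, msg) in enumerate(events):
        if MAINT_MARKER in msg:
            last_maint[host] = ts
        elif REBOOT_MARKER in msg:
            opened = last_maint.get(host)
            if opened is not None and ts - opened <= window:
                continue  # announced maintenance; expected reboot
            firmware_after = any(
                h == host and FIRMWARE_MARKER in m and ts < t <= ts + follow
                for t, h, m in events[i + 1:]
            )
            findings.append({
                "time": ts.isoformat(),
                "host": host,
                "firmware_load_followed": firmware_after,
            })
    return findings


if __name__ == "__main__":
    for f in unexpected_reboots(SAMPLE_LOGS):
        print(f)
```

Run against the constructed sample, the 02:05 reboot on rs-sw01 is skipped because a maintenance marker preceded it, while the 14:22 reboot on rs-sw01 (followed by a firmware load) and the 09:00 reboot on rs-sw02 are reported for investigation.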