Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
lenovoLenovoLENOVO:PS500356-NOSID
HistoryOct 07, 2020 - 3:01 a.m.

Cloud Networking Operating System (CNOS) Vulnerability - Lenovo Support US

2020-10-0703:01:23
support.lenovo.com
14
lenovo
cloud networking operating system
vulnerability
remote code execution
high severity
cve-2020-8349
management interface
upgrade
mitigation strategy

EPSS

0.006

Percentile

78.6%

JSON

**Lenovo Security Advisory:**LEN-44423

**Potential Impact:**Remote code execution

**Severity:**High

**Scope of Impact:**Lenovo-specific

**CVE Identifier:**CVE-2020-8349

Summary Description:

An internal security review has identified an unauthenticated remote code execution vulnerability in CNOS’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs.

Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.

Mitigation Strategy for Customers (what you should do to protect yourself):

Upgrade to the CNOS version (or later) indicated for your product, listed below.

Related

cvelist 1
cve 1
lenovo 1
nvd 1
prion 1
cvelist
cvelist
CVE-2020-8349
2020-10-14 21:25:21
cve
cve
CVE-2020-8349
2020-10-14 22:15:13
lenovo
lenovo
Cloud Networking Operating System (CNOS) Vulnerability - Lenovo Support NL
2020-10-07 03:01:23
nvd
nvd
CVE-2020-8349
2020-10-14 22:15:13
prion
prion
Remote code execution
2020-10-14 22:15:00

EPSS

0.006

Percentile

78.6%

JSON
Related for LENOVO:PS500356-NOSID
cvelist1cve1lenovo1nvd1prion1