Lenovo patched a flaw in its networking operating system dating back to 2004 that allowed attackers to perform an authentication bypass attack via a mechanism called “HP Backdoor.” If exploited, an attacker could gain admin-level access on affected switches, Lenovo said.
The vulnerability is rated “high” and tied to Lenovo’s Enterprise Networking Operating System (ENOS), used in Lenovo and IBM RackSwitch and BladeCenter products.
Lenovo said the vulnerability was introduced to affected switches via a firmware update 14 years ago by the now-defunct Nortel Networks and its blade server and switch business unit. In 2010, Nortel sold the business unit to IBM who then sold it to Lenovo in 2014.
