CVE-2020-8349 - OpenCVE

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Rackswitch Ne1072t Cloud Networking Operating System Rackswitch Ne1032t Rackswitch G8272 Rackswitch G8296 Rackswitch Ne0152t Rackswitch Ne10032 Rackswitch Ne1032 Rackswitch G8332 Rackswitch Ne2572

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:cloud_networking_operating_system:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:rackswitch_g8272:-:::::::*
	cpe:2.3:h:lenovo:rackswitch_g8296:-:::::::*
	cpe:2.3:h:lenovo:rackswitch_g8332:-:::::::*
	cpe:2.3:h:lenovo:rackswitch_ne0152t:-:::::::*
	cpe:2.3:h:lenovo:rackswitch_ne10032:-:::::::*
	cpe:2.3:h:lenovo:rackswitch_ne1032:-:::::::*
	cpe:2.3:h:lenovo:rackswitch_ne1032t:-:::::::*
	cpe:2.3:h:lenovo:rackswitch_ne1072t:-:::::::*
	cpe:2.3:h:lenovo:rackswitch_ne2572:-:::::::*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-44423	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2020-10-14T21:25:21

Updated: 2020-10-14T21:25:20

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8349

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-14T22:15:13.653

Modified: 2020-10-29T19:52:24.333

Link: CVE-2020-8349

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Cloud Networking Operating System (CNOS)", "vendor": "Lenovo", "versions": [{"lessThan": "10.10.6.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)\u2019 optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-14T21:25:20", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.lenovo.com/us/en/product_security/LEN-44423"}], "solutions": [{"lang": "en", "value": "Upgrade to the CNOS version 10.10.6.0 or later."}], "source": {"advisory": "LEN-44423", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2020-8349", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Networking Operating System (CNOS)", "version": {"version_data": [{"version_affected": "<", "version_value": "10.10.6.0"}]}}]}, "vendor_name": "Lenovo"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)\u2019 optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-44423", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-44423"}]}, "solution": [{"lang": "en", "value": "Upgrade to the CNOS version 10.10.6.0 or later."}], "source": {"advisory": "LEN-44423", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8349", "datePublished": "2020-10-14T21:25:21", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-10-14T21:25:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:cloud_networking_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "144A51B2-76BD-432F-B88A-65319FAEFFD0", "versionEndExcluding": "10.10.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:rackswitch_g8272:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB8AF1A2-AC14-46E3-BCF1-41C48F0D45BA", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_g8296:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3C14274-E752-4FCF-96DE-8EE02D07BB48", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_g8332:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8D47782-1C9C-4C89-852C-637E09CB9E20", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne0152t:-:*:*:*:*:*:*:*", "matchCriteriaId": "D78FFD69-80A3-4D6B-AEC2-FFA6192454D0", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne10032:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF898320-239A-42C1-BB49-75402894064B", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne1032:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CB91FF4-B209-4810-95EB-0112963247ED", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne1032t:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1C531F7-AEA1-4AAE-AD7D-7416EE85E1F5", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne1072t:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5BA1E79-AA8B-4CDB-872C-21B16FB65124", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:rackswitch_ne2572:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B5A57CB-32B7-4658-8B35-E54DBFAABC24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)\u2019 optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL."}, {"lang": "es", "value": "Una revisi\u00f3n de seguridad interna identific\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota no autenticada en la interfaz de administraci\u00f3n de la API REST opcional de Cloud Networking Operating System (CNOS)\u2019. Esta interfaz est\u00e1 deshabilitada por defecto y no es vulnerable a menos que est\u00e9 habilitada. Cuando est\u00e1 habilitada, solo es vulnerable cuando est\u00e1 conectado a un VRF y seg\u00fan lo permitan las ACL definidas. Lenovo recomienda encarecidamente actualizar a una versi\u00f3n CNOS no vulnerable. Cuando no sea posible, Lenovo recomienda deshabilitar la interfaz de administraci\u00f3n de la API REST o restringir el acceso al VRF de administraci\u00f3n y limitar a\u00fan m\u00e1s el acceso a las estaciones de administraci\u00f3n autorizadas mediante ACL"}], "id": "CVE-2020-8349", "lastModified": "2020-10-29T19:52:24.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2020-10-14T22:15:13.653", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-44423"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}