Lenovo engineers discovered and removed a backdoor in the firmware of their RackSwitch and BladeCenter network switches. The problem was found during an internal security audit of products that entered Lenovo’s portfolio after it acquired several companies. Last week, the manufacturer released a firmware update that removes the backdoor.
The backdoor was present only in RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System). It was added to ENOS in 2004, when the OS was maintained by the Blade Server Switch Business Unit (BSSBU) of the Canadian company Nortel. As Lenovo explains, Nortel approved the introduction of the backdoor “at the request of a BSSBU client”. In the Lenovo Security Notice, the backdoor is referred to as the “HP backdoor”.
The third-party code remained in ENOS even after BSSBU was spun off in 2006 as a separate company, BLADE Network Technologies (BNT). When IBM bought BNT in 2010, the backdoor stayed in the firmware, and Lenovo inherited it when it acquired IBM’s BNT portfolio in 2014.
“The presence of mechanisms that circumvent authentication or authorization is unacceptable for Lenovo and is inconsistent with Lenovo’s policy regarding product safety and industrial practices. Lenovo removed this mechanism from the source code of ENOS and released an updated firmware for the affected products,” the company said.
The so-called “HP backdoor” is not a hidden account but an entire mechanism for bypassing authorization that is triggered only under strictly defined conditions. The vulnerability was assigned the identifier CVE-2017-3765.
This is not the first controversy in Lenovo’s history. The Superfish case, in which adware preinstalled on Lenovo PCs shipped with a self-signed root certificate that allowed SSL and TLS connections to be intercepted, posing a massive security risk, recently concluded with Lenovo owing the FTC 3.5 million dollars.