The company has released firmware updates to close the backdoor which it found during an internal security audit of firmware for products added to its portfolio following the acquisitions of other companies. Lenovo says the backdoor affects only RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System).
The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel's Blade Server Switch Business Unit (BSSBU).
Lenovo claims Nortel appears to have authorised the addition of the backdoor "at the request of a BSSBU OEM customer". In a security advisory regarding this issue, Lenovo refers to the backdoor under the name of "HP backdoor".
The backdoor code appears to have remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE Network Technologies (BNT).
The backdoor also remained in the code even after IBM acquired BNT in 2010. Lenovo bought IBM's BNT portfolio in 2014.