Lucene search

[email protected]CVE-2015-3322

HistoryApr 16, 2015 - 11:59 p.m.

CVE-2015-3322

2015-04-1623:59:03

CWE-310

[email protected]

web.nvd.nist.gov

cve-2015-3322

lenovo

thinkserver

rd350

rd450

rd550

rd650

td350

weak encryption

bios passwords

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.6%

JSON

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.

Affected configurations

NVD

Node

lenovothinkserver_rd650_firmwareRange≤1.25.0

AND

lenovothinkserver_rd650

Node

lenovothinkserver_td350_firmwareRange≤1.25.0

AND

lenovothinkserver_td350

Node

lenovothinkserver_rd350_firmwareRange≤1.25.0

AND

lenovothinkserver_rd350

Node

lenovothinkserver_rd550_firmwareRange≤1.25.0

AND

lenovothinkserver_rd550

Node

lenovothinkserver_rd450_firmwareRange≤1.25.0

AND

lenovothinkserver_rd450

CPENameOperatorVersion
lenovo:thinkserver_rd650_firmwarelenovo thinkserver rd650 firmwarele1.25.0
lenovo:thinkserver_rd650lenovo thinkserver rd650eq*

CPE	Name	Operator	Version
lenovo:thinkserver_rd650_firmware	lenovo thinkserver rd650 firmware	le	1.25.0
lenovo:thinkserver_rd650	lenovo thinkserver rd650	eq	*

References

www.securityfocus.com/bid/74198

support.lenovo.com/us/en/product_security/ts_bios_pw

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.6%

JSON

Related for CVE-2015-3322

prion1 cvelist1 nvd1 lenovo2