5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
66.1%
Lenovo Security Advisory: LEN-2015-024 **Potential Impact:**Unauthorized Access; Escalation of Privilege; Denial of Service; Man-in-the-Middle (MitM) Attack ****Severity:****High
Summary:
Multiple security weaknesses were discovered in the ThinkServer System Manager (TSM) Baseboard Management Controller for the *50-series of ThinkServers. These weaknesses were found during an internal security review and corrected. Upgrading to the latest version of TSM is considered an important update and strongly encouraged.
Description:
An internal security review discovered multiple security weaknesses in the ThinkServer System Manager (TSM) Baseboard Management Controller for the *50-series of ThinkServers. If exploited, these weaknesses could result in one or more of the following security impacts:
These weaknesses have been corrected in the TSM v1.27.73476 firmware release for the *50-series of ThinkServers. This update also includes other internal code improvements to further enhance TSM security. You can find the latest version of TSM at the following link: DS102390.
The TSM v1.27.73476 firmware release is considered an important update and its installation is strongly encouraged for all ThinkServer *50-series customers.
Mitigation and Best Practices:
See the “Lenovo ThinkServer System Manager (TSM) Security Best Practices” guide for methods to mitigate against the security weaknesses described in this advisory, as well as other attacks against the TSM.
Affected Products:
**Acknowledgements:**None
Other information and references:
Revision History:
Revision
|
Date
|
Description
—|—|—
1.1 | 05/05/2015 | Added CVE ID
1.0 | 03/24/2015 | Initial release
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
66.1%