Some ThinkServer systems may be reset to default configurations during prolonged broadcast storm - us

Lenovo Security Advisory: LEN-9307

Potential Impact: Reset of TSM to defaults

**Severity:**High

**Scope of Impact:**Lenovo specific

**CVE Identifier:**CVE-2016-8236

Summary Description:

A vulnerability was identified on certain Lenovo ThinkServer systems where the ThinkServer System Manager (TSM) may reset to its default configuration if a prolonged broadcast storm occurs on the local area network segment that the TSM is connected to. When this occurs, the username and password will be set to the defaults and all configuration settings will be reset.

The TSM is equipped with a watchdog timer that will reboot the TSM if it detects that it has hung. If multiple reboots in quick succession are triggered by this timer, the TSM is configured to reset to defaults as a means of recovering the TSM to a baseline operational state. In this issue, this behavior was triggered by a broadcast storm that consumed TSM resources. The firmware update addresses this behavior.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update your TSM to the latest level of firmware by following the links below.