Lucene search

MitreCVE-2015-3322

HistoryApr 16, 2015 - 11:59 p.m.

CVE-2015-3322

2015-04-1623:59:03

CWE-310

mitre

web.nvd.nist.gov

cve-2015-3322

lenovo

thinkserver

rd350

rd450

rd550

rd650

td350

weak encryption

bios passwords

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

35.3%

JSON

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.

Affected configurations

Nvd

Node

lenovothinkserver_rd650_firmwareRange≤1.25.0

AND

lenovothinkserver_rd650

Node

lenovothinkserver_td350_firmwareRange≤1.25.0

AND

lenovothinkserver_td350

Node

lenovothinkserver_rd350_firmwareRange≤1.25.0

AND

lenovothinkserver_rd350

Node

lenovothinkserver_rd550_firmwareRange≤1.25.0

AND

lenovothinkserver_rd550

Node

lenovothinkserver_rd450_firmwareRange≤1.25.0

AND

lenovothinkserver_rd450

VendorProductVersionCPE
lenovothinkserver_rd650_firmware*cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_rd650*cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*
lenovothinkserver_td350_firmware*cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_td350*cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*
lenovothinkserver_rd350_firmware*cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_rd350*cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*
lenovothinkserver_rd550_firmware*cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_rd550*cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*
lenovothinkserver_rd450_firmware*cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_rd450*cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lenovo	thinkserver_rd650_firmware	*	cpe:2.3:o:lenovo:thinkserver_rd650_firmware::::::::
lenovo	thinkserver_rd650	*	cpe:2.3:h:lenovo:thinkserver_rd650::::::::
lenovo	thinkserver_td350_firmware	*	cpe:2.3:o:lenovo:thinkserver_td350_firmware::::::::
lenovo	thinkserver_td350	*	cpe:2.3:h:lenovo:thinkserver_td350::::::::
lenovo	thinkserver_rd350_firmware	*	cpe:2.3:o:lenovo:thinkserver_rd350_firmware::::::::
lenovo	thinkserver_rd350	*	cpe:2.3:h:lenovo:thinkserver_rd350::::::::
lenovo	thinkserver_rd550_firmware	*	cpe:2.3:o:lenovo:thinkserver_rd550_firmware::::::::
lenovo	thinkserver_rd550	*	cpe:2.3:h:lenovo:thinkserver_rd550::::::::
lenovo	thinkserver_rd450_firmware	*	cpe:2.3:o:lenovo:thinkserver_rd450_firmware::::::::
lenovo	thinkserver_rd450	*	cpe:2.3:h:lenovo:thinkserver_rd450::::::::

References

www.securityfocus.com/bid/74198

support.lenovo.com/us/en/product_security/ts_bios_pw

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

35.3%

JSON

Related for CVE-2015-3322