CVE-2015-3322

2015-04-1623:59:03

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

35.3%

JSON

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.

Affected configurations

Nvd

Node

lenovothinkserver_rd650_firmwareRange≤1.25.0

AND

lenovothinkserver_rd650

Node

lenovothinkserver_td350_firmwareRange≤1.25.0

AND

lenovothinkserver_td350

Node

lenovothinkserver_rd350_firmwareRange≤1.25.0

AND

lenovothinkserver_rd350

Node

lenovothinkserver_rd550_firmwareRange≤1.25.0

AND

lenovothinkserver_rd550

Node

lenovothinkserver_rd450_firmwareRange≤1.25.0

AND

lenovothinkserver_rd450

VendorProductVersionCPE
lenovothinkserver_rd650_firmware*cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_rd650*cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*
lenovothinkserver_td350_firmware*cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_td350*cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*
lenovothinkserver_rd350_firmware*cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_rd350*cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*
lenovothinkserver_rd550_firmware*cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_rd550*cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*
lenovothinkserver_rd450_firmware*cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*
lenovothinkserver_rd450*cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lenovo	thinkserver_rd650_firmware	*	cpe:2.3:o:lenovo:thinkserver_rd650_firmware::::::::
lenovo	thinkserver_rd650	*	cpe:2.3:h:lenovo:thinkserver_rd650::::::::
lenovo	thinkserver_td350_firmware	*	cpe:2.3:o:lenovo:thinkserver_td350_firmware::::::::
lenovo	thinkserver_td350	*	cpe:2.3:h:lenovo:thinkserver_td350::::::::
lenovo	thinkserver_rd350_firmware	*	cpe:2.3:o:lenovo:thinkserver_rd350_firmware::::::::
lenovo	thinkserver_rd350	*	cpe:2.3:h:lenovo:thinkserver_rd350::::::::
lenovo	thinkserver_rd550_firmware	*	cpe:2.3:o:lenovo:thinkserver_rd550_firmware::::::::
lenovo	thinkserver_rd550	*	cpe:2.3:h:lenovo:thinkserver_rd550::::::::
lenovo	thinkserver_rd450_firmware	*	cpe:2.3:o:lenovo:thinkserver_rd450_firmware::::::::
lenovo	thinkserver_rd450	*	cpe:2.3:h:lenovo:thinkserver_rd450::::::::