CVE-2015-3322

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
References
Link Resource
http://www.securityfocus.com/bid/74198 Third Party Advisory VDB Entry
https://support.lenovo.com/us/en/product_security/ts_bios_pw Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-04-16 23:59

Updated : 2024-02-28 12:20


NVD link : CVE-2015-3322

Mitre link : CVE-2015-3322

CVE.ORG link : CVE-2015-3322


JSON object : View

Products Affected

lenovo

  • thinkserver_rd450_firmware
  • thinkserver_rd450
  • thinkserver_rd350_firmware
  • thinkserver_rd550_firmware
  • thinkserver_rd650_firmware
  • thinkserver_td350_firmware
  • thinkserver_td350
  • thinkserver_rd550
  • thinkserver_rd650
  • thinkserver_rd350
CWE
CWE-310

Cryptographic Issues