cvelistv5 - cve-2015-3322

cve-2015-3322

Vulnerability from cvelistv5

Published

2015-04-16 23:00

Modified

2024-08-06 05:47

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/74198	Third Party Advisory, VDB Entry
cve@mitre.org	https://support.lenovo.com/us/en/product_security/ts_bios_pw	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74198	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/product_security/ts_bios_pw	Patch, Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:56.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
          },
          {
            "name": "74198",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74198"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-12T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
        },
        {
          "name": "74198",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74198"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/ts_bios_pw",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
            },
            {
              "name": "74198",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74198"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3322",
    "datePublished": "2015-04-16T23:00:00",
    "dateReserved": "2015-04-16T00:00:00",
    "dateUpdated": "2024-08-06T05:47:56.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"E9CA62C6-C274-4A02-BA07-14F3093C441F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B688F4B0-E786-48BE-8BF0-5D7264B2EEF5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"BE5005E6-8AC3-4E3A-95B0-5874F3BC7970\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95E0DD7E-CC62-4384-91D4-7B2128780F7F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"614188E7-FB1D-41A5-B563-A484B1872DA3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FAF28D1-5E43-4528-A92B-960AD7366A58\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"57D10220-9E77-4E53-8861-D6012DC0F084\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85F39E5A-4EB8-4581-8B40-F825E01B6D4F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"46B2325F-2B5E-4ABF-9B60-A51A0433C0B2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E95F55A1-5D77-4D50-8D7F-EEC134451013\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado d\\u00e9bil para almacenar contrase\\u00f1as BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contrase\\u00f1as a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2015-3322",
      "lastModified": "2024-11-21T02:29:09.507",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-04-16T23:59:03.557",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/74198\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.lenovo.com/us/en/product_security/ts_bios_pw\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.lenovo.com/us/en/product_security/ts_bios_pw\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-3322\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-04-16T23:59:03.557\",\"lastModified\":\"2024-11-21T02:29:09.507\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado d\u00e9bil para almacenar contrase\u00f1as BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contrase\u00f1as a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"E9CA62C6-C274-4A02-BA07-14F3093C441F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B688F4B0-E786-48BE-8BF0-5D7264B2EEF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"BE5005E6-8AC3-4E3A-95B0-5874F3BC7970\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95E0DD7E-CC62-4384-91D4-7B2128780F7F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"614188E7-FB1D-41A5-B563-A484B1872DA3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FAF28D1-5E43-4528-A92B-960AD7366A58\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"57D10220-9E77-4E53-8861-D6012DC0F084\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85F39E5A-4EB8-4581-8B40-F825E01B6D4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"46B2325F-2B5E-4ABF-9B60-A51A0433C0B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E95F55A1-5D77-4D50-8D7F-EEC134451013\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/74198\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.lenovo.com/us/en/product_security/ts_bios_pw\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.lenovo.com/us/en/product_security/ts_bios_pw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

fkie_cve-2015-3322

Vulnerability from fkie_nvd

Published

2015-04-16 23:59

Modified

2024-11-21 02:29

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/74198	Third Party Advisory, VDB Entry
cve@mitre.org	https://support.lenovo.com/us/en/product_security/ts_bios_pw	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74198	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/product_security/ts_bios_pw	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
lenovo	thinkserver_rd650_firmware	*
lenovo	thinkserver_rd650	*
lenovo	thinkserver_td350_firmware	*
lenovo	thinkserver_td350	*
lenovo	thinkserver_rd350_firmware	*
lenovo	thinkserver_rd350	*
lenovo	thinkserver_rd550_firmware	*
lenovo	thinkserver_rd550	*
lenovo	thinkserver_rd450_firmware	*
lenovo	thinkserver_rd450	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9CA62C6-C274-4A02-BA07-14F3093C441F",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B688F4B0-E786-48BE-8BF0-5D7264B2EEF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE5005E6-8AC3-4E3A-95B0-5874F3BC7970",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E0DD7E-CC62-4384-91D4-7B2128780F7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "614188E7-FB1D-41A5-B563-A484B1872DA3",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FAF28D1-5E43-4528-A92B-960AD7366A58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D10220-9E77-4E53-8861-D6012DC0F084",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F39E5A-4EB8-4581-8B40-F825E01B6D4F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B2325F-2B5E-4ABF-9B60-A51A0433C0B2",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95F55A1-5D77-4D50-8D7F-EEC134451013",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado d\u00e9bil para almacenar contrase\u00f1as BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contrase\u00f1as a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-3322",
  "lastModified": "2024-11-21T02:29:09.507",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-16T23:59:03.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74198"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-v866-q839-9cm4

Vulnerability from github

Published

2022-05-17 03:05

Modified

2022-05-17 03:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3322"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-16T23:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.",
  "id": "GHSA-v866-q839-9cm4",
  "modified": "2022-05-17T03:05:00Z",
  "published": "2022-05-17T03:05:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3322"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74198"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. The Lenovo ThinkServer RD350, RD450, RD550, RD650 and TD350 are all rack-mounted server products from Lenovo. An attacker could exploit the vulnerability to crack a password. Multiple Lenovo products are prone to a BIOS password encryption weakness. A security vulnerability exists in several Lenovo ThinkServer product servers. The following products are affected: Lenovo ThinkServer RD350 prior to 1.26.0, RD450 prior to 1.26.0, RD550 prior to 1.26.0, RD650 prior to 1.26.0, TD350 prior to 1.26.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0449",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinkserver td350",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd650",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd550",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd450",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd350",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd350",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd550",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver rd550",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd450",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver td350",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver rd350",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver td350",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd650",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver rd650",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd450",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd350",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver rd450",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver rd550",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver rd650",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver td350",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver rd350",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd550",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd450",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd650",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver td350",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver td350",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver rd650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver rd550",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver rd450",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver rd350",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver td350",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      },
      {
        "model": "thinkserver rd650",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      },
      {
        "model": "thinkserver rd550",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      },
      {
        "model": "thinkserver rd450",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      },
      {
        "model": "thinkserver rd350",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo",
    "sources": [
      {
        "db": "BID",
        "id": "74198"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3322",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3322",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-02718",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81283",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3322",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-02718",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201504-371",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81283",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. The Lenovo ThinkServer RD350, RD450, RD550, RD650 and TD350 are all rack-mounted server products from Lenovo. An attacker could exploit the vulnerability to crack a password. Multiple Lenovo products are prone to a BIOS password encryption weakness. A security vulnerability exists in several Lenovo ThinkServer product servers. The following products are affected: Lenovo ThinkServer RD350 prior to 1.26.0, RD450 prior to 1.26.0, RD550 prior to 1.26.0, RD650 prior to 1.26.0, TD350 prior to 1.26.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3322",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "74198",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "id": "VAR-201504-0449",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:44:20.466000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-018",
        "trust": 0.8,
        "url": "http://support.lenovo.com/us/en/product_security/ts_bios_pw"
      },
      {
        "title": "Patches for multiple vulnerabilities in several Lenovo ThinkServer product servers",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/57753"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74198"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3322"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3322"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "date": "2015-04-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "date": "2015-03-24T00:00:00",
        "db": "BID",
        "id": "74198"
      },
      {
        "date": "2015-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "date": "2015-04-16T23:59:03.557000",
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "date": "2015-04-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "date": "2015-03-24T00:00:00",
        "db": "BID",
        "id": "74198"
      },
      {
        "date": "2015-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "date": "2017-01-18T02:59:00.750000",
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "date": "2015-04-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Lenovo ThinkServer Vulnerability in product password decryption",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ],
    "trust": 0.6
  }
}

gsd-2015-3322

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-3322

Aliases

CVE-2015-3322

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3322",
    "description": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.",
    "id": "GSD-2015-3322"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3322"
      ],
      "details": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.",
      "id": "GSD-2015-3322",
      "modified": "2023-12-13T01:20:07.839594Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-3322",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.lenovo.com/us/en/product_security/ts_bios_pw",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
          },
          {
            "name": "74198",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/74198"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3322"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "74198",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/74198"
            },
            {
              "name": "https://support.lenovo.com/us/en/product_security/ts_bios_pw",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-01-18T02:59Z",
      "publishedDate": "2015-04-16T23:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2015-3322

Vulnerability from cvelistv5

fkie_cve-2015-3322

Vulnerability from fkie_nvd

ghsa-v866-q839-9cm4

Vulnerability from github

var-201504-0449

Vulnerability from variot

gsd-2015-3322

Vulnerability from gsd

Tags

Sightings

Nomenclature