cvelistv5 - cve-2015-3322

CVE-2015-3322 (GCVE-0-2015-3322)

Vulnerability from cvelistv5 – Published: 2015-04-16 23:00 – Updated: 2024-08-06 05:47

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://support.lenovo.com/us/en/product_security…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/74198	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:56.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
          },
          {
            "name": "74198",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74198"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-12T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
        },
        {
          "name": "74198",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74198"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/ts_bios_pw",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
            },
            {
              "name": "74198",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74198"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3322",
    "datePublished": "2015-04-16T23:00:00",
    "dateReserved": "2015-04-16T00:00:00",
    "dateUpdated": "2024-08-06T05:47:56.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"E9CA62C6-C274-4A02-BA07-14F3093C441F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B688F4B0-E786-48BE-8BF0-5D7264B2EEF5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"BE5005E6-8AC3-4E3A-95B0-5874F3BC7970\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95E0DD7E-CC62-4384-91D4-7B2128780F7F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"614188E7-FB1D-41A5-B563-A484B1872DA3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FAF28D1-5E43-4528-A92B-960AD7366A58\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"57D10220-9E77-4E53-8861-D6012DC0F084\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85F39E5A-4EB8-4581-8B40-F825E01B6D4F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.25.0\", \"matchCriteriaId\": \"46B2325F-2B5E-4ABF-9B60-A51A0433C0B2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E95F55A1-5D77-4D50-8D7F-EEC134451013\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado d\\u00e9bil para almacenar contrase\\u00f1as BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contrase\\u00f1as a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2015-3322",
      "lastModified": "2024-11-21T02:29:09.507",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-04-16T23:59:03.557",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/74198\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.lenovo.com/us/en/product_security/ts_bios_pw\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/74198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.lenovo.com/us/en/product_security/ts_bios_pw\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-3322\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-04-16T23:59:03.557\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado d\u00e9bil para almacenar contrase\u00f1as BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contrase\u00f1as a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"E9CA62C6-C274-4A02-BA07-14F3093C441F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B688F4B0-E786-48BE-8BF0-5D7264B2EEF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"BE5005E6-8AC3-4E3A-95B0-5874F3BC7970\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95E0DD7E-CC62-4384-91D4-7B2128780F7F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"614188E7-FB1D-41A5-B563-A484B1872DA3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FAF28D1-5E43-4528-A92B-960AD7366A58\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"57D10220-9E77-4E53-8861-D6012DC0F084\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85F39E5A-4EB8-4581-8B40-F825E01B6D4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.25.0\",\"matchCriteriaId\":\"46B2325F-2B5E-4ABF-9B60-A51A0433C0B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E95F55A1-5D77-4D50-8D7F-EEC134451013\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/74198\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.lenovo.com/us/en/product_security/ts_bios_pw\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.lenovo.com/us/en/product_security/ts_bios_pw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

VAR-201504-0449

Vulnerability from variot - Updated: 2023-12-18 13:44

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. The Lenovo ThinkServer RD350, RD450, RD550, RD650 and TD350 are all rack-mounted server products from Lenovo. An attacker could exploit the vulnerability to crack a password. Multiple Lenovo products are prone to a BIOS password encryption weakness. A security vulnerability exists in several Lenovo ThinkServer product servers. The following products are affected: Lenovo ThinkServer RD350 prior to 1.26.0, RD450 prior to 1.26.0, RD550 prior to 1.26.0, RD650 prior to 1.26.0, TD350 prior to 1.26.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0449",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinkserver td350",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd650",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd550",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd450",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd350",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "lenovo",
        "version": "1.26.0"
      },
      {
        "model": "thinkserver rd350",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd550",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver rd550",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd450",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver td350",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver rd350",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver td350",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd650",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "*"
      },
      {
        "model": "thinkserver rd650",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd450",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd350",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver rd450",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver rd550",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver rd650",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver td350",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "thinkserver rd350",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd550",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd450",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver rd650",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver td350",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "1.25.0"
      },
      {
        "model": "thinkserver td350",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver rd650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver rd550",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver rd450",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver rd350",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.25"
      },
      {
        "model": "thinkserver td350",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      },
      {
        "model": "thinkserver rd650",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      },
      {
        "model": "thinkserver rd550",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      },
      {
        "model": "thinkserver rd450",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      },
      {
        "model": "thinkserver rd350",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "1.26"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo",
    "sources": [
      {
        "db": "BID",
        "id": "74198"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3322",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3322",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-02718",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81283",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3322",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-02718",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201504-371",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81283",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. The Lenovo ThinkServer RD350, RD450, RD550, RD650 and TD350 are all rack-mounted server products from Lenovo. An attacker could exploit the vulnerability to crack a password. Multiple Lenovo products are prone to a BIOS password encryption weakness. A security vulnerability exists in several Lenovo ThinkServer product servers. The following products are affected: Lenovo ThinkServer RD350 prior to 1.26.0, RD450 prior to 1.26.0, RD550 prior to 1.26.0, RD650 prior to 1.26.0, TD350 prior to 1.26.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3322",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "74198",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "id": "VAR-201504-0449",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:44:20.466000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-018",
        "trust": 0.8,
        "url": "http://support.lenovo.com/us/en/product_security/ts_bios_pw"
      },
      {
        "title": "Patches for multiple vulnerabilities in several Lenovo ThinkServer product servers",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/57753"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74198"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3322"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3322"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "db": "BID",
        "id": "74198"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "date": "2015-04-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "date": "2015-03-24T00:00:00",
        "db": "BID",
        "id": "74198"
      },
      {
        "date": "2015-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "date": "2015-04-16T23:59:03.557000",
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "date": "2015-04-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02718"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81283"
      },
      {
        "date": "2015-03-24T00:00:00",
        "db": "BID",
        "id": "74198"
      },
      {
        "date": "2015-04-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      },
      {
        "date": "2017-01-18T02:59:00.750000",
        "db": "NVD",
        "id": "CVE-2015-3322"
      },
      {
        "date": "2015-04-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Lenovo ThinkServer Vulnerability in product password decryption",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002387"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-371"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-02718

Vulnerability from cnvd - Published: 2015-04-24

Title

多款Lenovo ThinkServer产品服务器存在多个漏洞

Description

Lenovo ThinkServer RD350、RD450、RD550、RD650和TD350都是中国联想（Lenovo）公司的机架式服务器产品。多款Lenovo ThinkServer产品服务器存在弱加密存储用户和管理员BIOS密码漏洞。攻击者可利用该漏洞破解密码。

Severity

中

Patch Name

多款Lenovo ThinkServer产品服务器存在多个漏洞的补丁

Patch Description

Lenovo ThinkServer RD350、RD450、RD550、RD650和TD350都是中国联想（Lenovo）公司的机架式服务器产品。多款Lenovo ThinkServer产品服务器存在弱加密存储用户和管理员BIOS密码漏洞。攻击者可利用该漏洞破解密码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞：http://support.lenovo.com/us/en/product_security/ts_bios_pw

Reference

http://support.lenovo.com/us/en/product_security/ts_bios_pw

Impacted products

Name
['Lenovo ThinkServer TD350 < 1.26.0', 'Lenovo ThinkServer RD650 < 1.26.0', 'Lenovo ThinkServer RD550 < 1.26.0', 'Lenovo ThinkServer RD450 < 1.26.0', 'Lenovo ThinkServer RD350 < 1.26.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3322"
    }
  },
  "description": "Lenovo ThinkServer RD350\u3001RD450\u3001RD550\u3001RD650\u548cTD350\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u673a\u67b6\u5f0f\u670d\u52a1\u5668\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eLenovo ThinkServer\u4ea7\u54c1\u670d\u52a1\u5668\u5b58\u5728\u5f31\u52a0\u5bc6\u5b58\u50a8\u7528\u6237\u548c\u7ba1\u7406\u5458BIOS\u5bc6\u7801\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u89e3\u5bc6\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1ahttp://support.lenovo.com/us/en/product_security/ts_bios_pw",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02718",
  "openTime": "2015-04-24",
  "patchDescription": "Lenovo ThinkServer RD350\u3001RD450\u3001RD550\u3001RD650\u548cTD350\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u673a\u67b6\u5f0f\u670d\u52a1\u5668\u4ea7\u54c1\u3002 \r\n\r\n\u591a\u6b3eLenovo ThinkServer\u4ea7\u54c1\u670d\u52a1\u5668\u5b58\u5728\u5f31\u52a0\u5bc6\u5b58\u50a8\u7528\u6237\u548c\u7ba1\u7406\u5458BIOS\u5bc6\u7801\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u89e3\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eLenovo ThinkServer\u4ea7\u54c1\u670d\u52a1\u5668\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Lenovo ThinkServer TD350 \u003c 1.26.0",
      "Lenovo ThinkServer RD650 \u003c 1.26.0",
      "Lenovo ThinkServer RD550 \u003c 1.26.0",
      "Lenovo ThinkServer RD450 \u003c 1.26.0",
      "Lenovo ThinkServer RD350 \u003c 1.26.0"
    ]
  },
  "referenceLink": "http://support.lenovo.com/us/en/product_security/ts_bios_pw",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-23",
  "title": "\u591a\u6b3eLenovo ThinkServer\u4ea7\u54c1\u670d\u52a1\u5668\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e"
}

GHSA-V866-Q839-9CM4

Vulnerability from github – Published: 2022-05-17 03:05 – Updated: 2022-05-17 03:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3322"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-16T23:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.",
  "id": "GHSA-v866-q839-9cm4",
  "modified": "2022-05-17T03:05:00Z",
  "published": "2022-05-17T03:05:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3322"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74198"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2015-3322

Vulnerability from fkie_nvd - Published: 2015-04-16 23:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/74198	Third Party Advisory, VDB Entry
cve@mitre.org	https://support.lenovo.com/us/en/product_security/ts_bios_pw	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74198	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/product_security/ts_bios_pw	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
lenovo	thinkserver_rd650_firmware	*
lenovo	thinkserver_rd650	*
lenovo	thinkserver_td350_firmware	*
lenovo	thinkserver_td350	*
lenovo	thinkserver_rd350_firmware	*
lenovo	thinkserver_rd350	*
lenovo	thinkserver_rd550_firmware	*
lenovo	thinkserver_rd550	*
lenovo	thinkserver_rd450_firmware	*
lenovo	thinkserver_rd450	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9CA62C6-C274-4A02-BA07-14F3093C441F",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B688F4B0-E786-48BE-8BF0-5D7264B2EEF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE5005E6-8AC3-4E3A-95B0-5874F3BC7970",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E0DD7E-CC62-4384-91D4-7B2128780F7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "614188E7-FB1D-41A5-B563-A484B1872DA3",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FAF28D1-5E43-4528-A92B-960AD7366A58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D10220-9E77-4E53-8861-D6012DC0F084",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F39E5A-4EB8-4581-8B40-F825E01B6D4F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B2325F-2B5E-4ABF-9B60-A51A0433C0B2",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95F55A1-5D77-4D50-8D7F-EEC134451013",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado d\u00e9bil para almacenar contrase\u00f1as BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contrase\u00f1as a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-3322",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-16T23:59:03.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74198"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2015-3322

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-3322

Aliases

CVE-2015-3322

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3322",
    "description": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.",
    "id": "GSD-2015-3322"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3322"
      ],
      "details": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.",
      "id": "GSD-2015-3322",
      "modified": "2023-12-13T01:20:07.839594Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-3322",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.lenovo.com/us/en/product_security/ts_bios_pw",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
          },
          {
            "name": "74198",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/74198"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.25.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3322"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "74198",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/74198"
            },
            {
              "name": "https://support.lenovo.com/us/en/product_security/ts_bios_pw",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-01-18T02:59Z",
      "publishedDate": "2015-04-16T23:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-3322 (GCVE-0-2015-3322)

VAR-201504-0449

CNVD-2015-02718

GHSA-V866-Q839-9CM4

FKIE_CVE-2015-3322

GSD-2015-3322

Tags

Sightings

Nomenclature