FKIE_CVE-2015-3322

Vulnerability from fkie_nvd - Published: 2015-04-16 23:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
References
cve@mitre.orghttp://www.securityfocus.com/bid/74198Third Party Advisory, VDB Entry
cve@mitre.orghttps://support.lenovo.com/us/en/product_security/ts_bios_pwPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74198Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/us/en/product_security/ts_bios_pwPatch, Vendor Advisory
Impacted products
Vendor Product Version
lenovo thinkserver_rd650_firmware *
lenovo thinkserver_rd650 *
lenovo thinkserver_td350_firmware *
lenovo thinkserver_td350 *
lenovo thinkserver_rd350_firmware *
lenovo thinkserver_rd350 *
lenovo thinkserver_rd550_firmware *
lenovo thinkserver_rd550 *
lenovo thinkserver_rd450_firmware *
lenovo thinkserver_rd450 *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9CA62C6-C274-4A02-BA07-14F3093C441F",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B688F4B0-E786-48BE-8BF0-5D7264B2EEF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE5005E6-8AC3-4E3A-95B0-5874F3BC7970",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E0DD7E-CC62-4384-91D4-7B2128780F7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "614188E7-FB1D-41A5-B563-A484B1872DA3",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FAF28D1-5E43-4528-A92B-960AD7366A58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D10220-9E77-4E53-8861-D6012DC0F084",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F39E5A-4EB8-4581-8B40-F825E01B6D4F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B2325F-2B5E-4ABF-9B60-A51A0433C0B2",
              "versionEndIncluding": "1.25.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95F55A1-5D77-4D50-8D7F-EEC134451013",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado d\u00e9bil para almacenar contrase\u00f1as BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contrase\u00f1as a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-3322",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-16T23:59:03.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74198"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.