Vulnerability Description
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | ThinkServer RD650 Firmware | <= 1.25.0 |
| Lenovo | ThinkServer RD650 | All versions |
| Lenovo | ThinkServer TD350 Firmware | <= 1.25.0 |
| Lenovo | ThinkServer TD350 | All versions |
| Lenovo | ThinkServer RD350 Firmware | <= 1.25.0 |
| Lenovo | ThinkServer RD350 | All versions |
| Lenovo | ThinkServer RD550 Firmware | <= 1.25.0 |
| Lenovo | ThinkServer RD550 | All versions |
| Lenovo | ThinkServer RD450 Firmware | <= 1.25.0 |
| Lenovo | ThinkServer RD450 | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/74198 (Third Party Advisory, VDB Entry)
- https://support.lenovo.com/us/en/product_security/ts_bios_pw (Patch, Vendor Advisory)
FAQ
What is CVE-2015-3322?
CVE-2015-3322 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwor...
How severe is CVE-2015-3322?
CVE-2015-3322 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-3322?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo ThinkServer RD650 Firmware, Lenovo ThinkServer RD650, Lenovo ThinkServer TD350 Firmware, Lenovo ThinkServer TD350, Lenovo ThinkServer RD350 Firmware.