CVE-2015-3322
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
Servidores Lenovo ThinkServer RD350, RD450, RD550, RD650 y TD350 en versiones anteriores a 1.26.0 utiliza cifrado débil para almacenar contraseñas BIOS de (1) usuario y (2) administrador, lo que permite a atacantes descifrar las contraseñas a través de vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-04-16 CVE Reserved
- 2015-04-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/74198 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/ts_bios_pw | 2017-01-18 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Thinkserver Rd650 Firmware Search vendor "Lenovo" for product "Thinkserver Rd650 Firmware" | <= 1.25.0 Search vendor "Lenovo" for product "Thinkserver Rd650 Firmware" and version " <= 1.25.0" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Rd650 Search vendor "Lenovo" for product "Thinkserver Rd650" | * | - |
Affected
|
| Lenovo Search vendor "Lenovo" | Thinkserver Td350 Firmware Search vendor "Lenovo" for product "Thinkserver Td350 Firmware" | <= 1.25.0 Search vendor "Lenovo" for product "Thinkserver Td350 Firmware" and version " <= 1.25.0" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Td350 Search vendor "Lenovo" for product "Thinkserver Td350" | * | - |
Affected
|
| Lenovo Search vendor "Lenovo" | Thinkserver Rd350 Firmware Search vendor "Lenovo" for product "Thinkserver Rd350 Firmware" | <= 1.25.0 Search vendor "Lenovo" for product "Thinkserver Rd350 Firmware" and version " <= 1.25.0" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Rd350 Search vendor "Lenovo" for product "Thinkserver Rd350" | * | - |
Affected
|
| Lenovo Search vendor "Lenovo" | Thinkserver Rd550 Firmware Search vendor "Lenovo" for product "Thinkserver Rd550 Firmware" | <= 1.25.0 Search vendor "Lenovo" for product "Thinkserver Rd550 Firmware" and version " <= 1.25.0" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Rd550 Search vendor "Lenovo" for product "Thinkserver Rd550" | * | - |
Affected
|
| Lenovo Search vendor "Lenovo" | Thinkserver Rd450 Firmware Search vendor "Lenovo" for product "Thinkserver Rd450 Firmware" | <= 1.25.0 Search vendor "Lenovo" for product "Thinkserver Rd450 Firmware" and version " <= 1.25.0" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Rd450 Search vendor "Lenovo" for product "Thinkserver Rd450" | * | - |
Affected
|