CVE-2015-3324
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.
ThinkServer System Manager (TSM) Baseboard Management Controller anterior a firmware 1.27.73476 para ThinkServer RD350, RD450, RD550, RD650, y TD350 no valida los certificados de servidores durante una 'sesiĆ³n KVM remota codificada,' lo que permite a atacantes man-in-the-middle falsificar servidores.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-04-16 CVE Reserved
- 2015-04-16 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/74199 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.lenovo.com/us/en/product_security/tsm_weak_pw | 2016-12-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Thinkserver System Manager Baseboard Management Controller Firmware Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" | 118.71532 Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" and version "118.71532" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Rd350 Search vendor "Lenovo" for product "Thinkserver Rd350" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkserver System Manager Baseboard Management Controller Firmware Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" | 118.71532 Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" and version "118.71532" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Rd450 Search vendor "Lenovo" for product "Thinkserver Rd450" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkserver System Manager Baseboard Management Controller Firmware Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" | 118.71532 Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" and version "118.71532" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Rd550 Search vendor "Lenovo" for product "Thinkserver Rd550" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkserver System Manager Baseboard Management Controller Firmware Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" | 118.71532 Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" and version "118.71532" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Rd650 Search vendor "Lenovo" for product "Thinkserver Rd650" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkserver System Manager Baseboard Management Controller Firmware Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" | 118.71532 Search vendor "Lenovo" for product "Thinkserver System Manager Baseboard Management Controller Firmware" and version "118.71532" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkserver Td350 Search vendor "Lenovo" for product "Thinkserver Td350" | - | - |
Safe
|