CVE-2015-3322

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.

Published: Apr 17, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-3322
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
lenovo / thinkserver_rd650_firmware	-	1.25.0.x
lenovo / thinkserver_rd650	-	-
lenovo / thinkserver_td350_firmware	-	1.25.0.x
lenovo / thinkserver_td350	-	-
lenovo / thinkserver_rd350_firmware	-	1.25.0.x
lenovo / thinkserver_rd350	-	-
lenovo / thinkserver_rd550_firmware	-	1.25.0.x
lenovo / thinkserver_rd550	-	-
lenovo / thinkserver_rd450_firmware	-	1.25.0.x
lenovo / thinkserver_rd450	-	-

http://www.securityfocus.com/bid/74198
https://support.lenovo.com/us/en/product_security/ts_bios_pw

Vulnerability Database

289,697

CVE-2015-3322