PT-2015-6149 · Lenovo · Lenovo Thinkserver Rd650+3

Published

2015-04-16

Updated

2017-01-18

CVE-2015-3322

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers versions prior to 1.26.0

Description The issue concerns the use of weak encryption to store user and administrator BIOS passwords. This weakness allows attackers to decrypt the passwords, potentially leading to unauthorized access. The exact vectors used for the decryption are not specified.

Recommendations For versions prior to 1.26.0, update to version 1.26.0 or later to resolve the issue with weak encryption of BIOS passwords.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2015-3322

Affected Products

Lenovo Thinkserver Rd350

Lenovo Thinkserver Rd450

Lenovo Thinkserver Rd550

Lenovo Thinkserver Rd650

PT-2015-6149 · Lenovo · Lenovo Thinkserver Rd650+3

CVE-2015-3322

Weakness Enumeration

Related Identifiers

Affected Products

References · 3