PT-2015-6151 · Lenovo · Thinkserver System Manager (Tsm) Baseboard Management Controller

Published

2015-04-16

Updated

2016-12-06

CVE-2015-3324

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ThinkServer System Manager (TSM) Baseboard Management Controller versions prior to 1.27.73476

Description The issue concerns the lack of server certificate validation during an encrypted remote KVM session, allowing man-in-the-middle attackers to spoof servers.

Recommendations For versions prior to 1.27.73476, update the firmware to version 1.27.73476 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2015-3324

Affected Products

Thinkserver System Manager (Tsm) Baseboard Management Controller

PT-2015-6151 · Lenovo · Thinkserver System Manager (Tsm) Baseboard Management Controller

CVE-2015-3324

Weakness Enumeration

Related Identifiers

Affected Products

References · 3