CVE-2015-3322

EUVD-2015-3368
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
lenovothinkserver_rd650_firmware
𝑥
≤ 1.25.0
lenovothinkserver_rd650
*
lenovothinkserver_td350_firmware
𝑥
≤ 1.25.0
lenovothinkserver_td350
*
lenovothinkserver_rd350_firmware
𝑥
≤ 1.25.0
lenovothinkserver_rd350
*
lenovothinkserver_rd550_firmware
𝑥
≤ 1.25.0
lenovothinkserver_rd550
*
lenovothinkserver_rd450_firmware
𝑥
≤ 1.25.0
lenovothinkserver_rd450
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/74198
https://support.lenovo.com/us/en/product_security/ts_bios_pw
http://www.securityfocus.com/bid/74198
https://support.lenovo.com/us/en/product_security/ts_bios_pw