CVE-2015-3322

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
lenovothinkserver_rd650_firmware
𝑥
≤ 1.25.0
lenovothinkserver_rd650
*
lenovothinkserver_td350_firmware
𝑥
≤ 1.25.0
lenovothinkserver_td350
*
lenovothinkserver_rd350_firmware
𝑥
≤ 1.25.0
lenovothinkserver_rd350
*
lenovothinkserver_rd550_firmware
𝑥
≤ 1.25.0
lenovothinkserver_rd550
*
lenovothinkserver_rd450_firmware
𝑥
≤ 1.25.0
lenovothinkserver_rd450
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/74198
https://support.lenovo.com/us/en/product_security/ts_bios_pw
http://www.securityfocus.com/bid/74198
https://support.lenovo.com/us/en/product_security/ts_bios_pw