var-201504-0449
Vulnerability from variot
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. The Lenovo ThinkServer RD350, RD450, RD550, RD650 and TD350 are all rack-mounted server products from Lenovo. An attacker could exploit the vulnerability to crack a password. Multiple Lenovo products are prone to a BIOS password encryption weakness. A security vulnerability exists in several Lenovo ThinkServer product servers. The following products are affected: Lenovo ThinkServer RD350 prior to 1.26.0, RD450 prior to 1.26.0, RD550 prior to 1.26.0, RD650 prior to 1.26.0, TD350 prior to 1.26.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinkserver td350",
"scope": "lt",
"trust": 1.4,
"vendor": "lenovo",
"version": "1.26.0"
},
{
"model": "thinkserver rd650",
"scope": "lt",
"trust": 1.4,
"vendor": "lenovo",
"version": "1.26.0"
},
{
"model": "thinkserver rd550",
"scope": "lt",
"trust": 1.4,
"vendor": "lenovo",
"version": "1.26.0"
},
{
"model": "thinkserver rd450",
"scope": "lt",
"trust": 1.4,
"vendor": "lenovo",
"version": "1.26.0"
},
{
"model": "thinkserver rd350",
"scope": "lt",
"trust": 1.4,
"vendor": "lenovo",
"version": "1.26.0"
},
{
"model": "thinkserver rd350",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "*"
},
{
"model": "thinkserver rd450",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver rd550",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver rd650",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver rd650",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "*"
},
{
"model": "thinkserver td350",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver rd450",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "*"
},
{
"model": "thinkserver td350",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "*"
},
{
"model": "thinkserver rd350",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver rd550",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "*"
},
{
"model": "thinkserver rd350",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd450",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd550",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd650",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver td350",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd350",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver rd550",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver rd450",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver rd650",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver td350",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "1.25.0"
},
{
"model": "thinkserver td350",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.25"
},
{
"model": "thinkserver rd650",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.25"
},
{
"model": "thinkserver rd550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.25"
},
{
"model": "thinkserver rd450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.25"
},
{
"model": "thinkserver rd350",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.25"
},
{
"model": "thinkserver td350",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.26"
},
{
"model": "thinkserver rd650",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.26"
},
{
"model": "thinkserver rd550",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.26"
},
{
"model": "thinkserver rd450",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.26"
},
{
"model": "thinkserver rd350",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.26"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"db": "BID",
"id": "74198"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-371"
},
{
"db": "NVD",
"id": "CVE-2015-3322"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:lenovo:thinkserver_rd350",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:thinkserver_rd350_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:thinkserver_rd450",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:thinkserver_rd450_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:thinkserver_rd550",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:thinkserver_rd550_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:thinkserver_rd650",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:thinkserver_rd650_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:thinkserver_td350",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:thinkserver_td350_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo",
"sources": [
{
"db": "BID",
"id": "74198"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3322",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-3322",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-02718",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-81283",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3322",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-3322",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-02718",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-371",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81283",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"db": "VULHUB",
"id": "VHN-81283"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-371"
},
{
"db": "NVD",
"id": "CVE-2015-3322"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. The Lenovo ThinkServer RD350, RD450, RD550, RD650 and TD350 are all rack-mounted server products from Lenovo. An attacker could exploit the vulnerability to crack a password. Multiple Lenovo products are prone to a BIOS password encryption weakness. A security vulnerability exists in several Lenovo ThinkServer product servers. The following products are affected: Lenovo ThinkServer RD350 prior to 1.26.0, RD450 prior to 1.26.0, RD550 prior to 1.26.0, RD650 prior to 1.26.0, TD350 prior to 1.26.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3322"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
},
{
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"db": "BID",
"id": "74198"
},
{
"db": "VULHUB",
"id": "VHN-81283"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3322",
"trust": 3.4
},
{
"db": "BID",
"id": "74198",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002387",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-371",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-02718",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81283",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"db": "VULHUB",
"id": "VHN-81283"
},
{
"db": "BID",
"id": "74198"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-371"
},
{
"db": "NVD",
"id": "CVE-2015-3322"
}
]
},
"id": "VAR-201504-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"db": "VULHUB",
"id": "VHN-81283"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02718"
}
]
},
"last_update_date": "2024-11-23T23:12:43.346000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-2015-018",
"trust": 0.8,
"url": "http://support.lenovo.com/us/en/product_security/ts_bios_pw"
},
{
"title": "Patches for multiple vulnerabilities in several Lenovo ThinkServer product servers",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/57753"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81283"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
},
{
"db": "NVD",
"id": "CVE-2015-3322"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://support.lenovo.com/us/en/product_security/ts_bios_pw"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/74198"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3322"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3322"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"db": "VULHUB",
"id": "VHN-81283"
},
{
"db": "BID",
"id": "74198"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-371"
},
{
"db": "NVD",
"id": "CVE-2015-3322"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"db": "VULHUB",
"id": "VHN-81283"
},
{
"db": "BID",
"id": "74198"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-371"
},
{
"db": "NVD",
"id": "CVE-2015-3322"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"date": "2015-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-81283"
},
{
"date": "2015-03-24T00:00:00",
"db": "BID",
"id": "74198"
},
{
"date": "2015-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002387"
},
{
"date": "2015-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-371"
},
{
"date": "2015-04-16T23:59:03.557000",
"db": "NVD",
"id": "CVE-2015-3322"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02718"
},
{
"date": "2017-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-81283"
},
{
"date": "2015-03-24T00:00:00",
"db": "BID",
"id": "74198"
},
{
"date": "2015-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002387"
},
{
"date": "2015-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-371"
},
{
"date": "2024-11-21T02:29:09.507000",
"db": "NVD",
"id": "CVE-2015-3322"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-371"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Lenovo ThinkServer Vulnerability in product password decryption",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002387"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-371"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…