Unrated severityNVD Advisory· Published Apr 16, 2015· Updated May 6, 2026

CVE-2015-3322

Description

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.

Affected products

Lenovo/Thinkserver Rd350
cpe:2.3:h:lenovo:thinkserver_rd350:*:*:*:*:*:*:*:*
Lenovo/Thinkserver Rd450
cpe:2.3:h:lenovo:thinkserver_rd450:*:*:*:*:*:*:*:*
Lenovo/Thinkserver Rd550
cpe:2.3:h:lenovo:thinkserver_rd550:*:*:*:*:*:*:*:*
Lenovo/Thinkserver Rd650
cpe:2.3:h:lenovo:thinkserver_rd650:*:*:*:*:*:*:*:*
Lenovo/Thinkserver Td350
cpe:2.3:h:lenovo:thinkserver_td350:*:*:*:*:*:*:*:*
Lenovo/Thinkserver Rd350 Firmware
cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*
Range: <=1.25.0
Lenovo/Thinkserver Rd450 Firmware
cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*
Range: <=1.25.0
Lenovo/Thinkserver Rd550 Firmware
cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*
Range: <=1.25.0
Lenovo/Thinkserver Rd650 Firmware
cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*
Range: <=1.25.0
Lenovo/Thinkserver Td350 Firmware
cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*
Range: <=1.25.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.lenovo.com/us/en/product_security/ts_bios_pwnvdPatchVendor Advisory
www.securityfocus.com/bid/74198nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000