Details of VAR-201504-0450

ID

VAR-201504-0450

CVE

CVE-2015-3323

TITLE

plural ThinkServer for ThinkServer System Manager Baseboard Management Controller Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002388

DESCRIPTION

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. Lenovo ThinkServer System Manager is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the web-interface to crash, resulting in a denial-of-service condition. Lenovo ThinkServer System Manager (TSM) Baseboard Management Controller (BMC) for ThinkServer RD350, etc. is a controller embedded in the hardware devices of ThinkServer RD350 and other servers from China Lenovo to manage and monitor server status. There are security vulnerabilities in the TSM BMC of several ThinkServer products using firmware versions earlier than 1.27.73476. The following products are affected: ThinkServer RD350, RD450, RD550, RD650, TD350

Trust: 1.98

sources: NVD: CVE-2015-3323 // JVNDB: JVNDB-2015-002388 // BID: 74197 // VULHUB: VHN-81284

AFFECTED PRODUCTS

vendor:	lenovo	model:	thinkserver td350	scope:	-	version:	-	Trust: 1.1
vendor:	lenovo	model:	thinkserver rd650	scope:	-	version:	-	Trust: 1.1
vendor:	lenovo	model:	thinkserver rd550	scope:	-	version:	-	Trust: 1.1
vendor:	lenovo	model:	thinkserver rd450	scope:	-	version:	-	Trust: 1.1
vendor:	lenovo	model:	thinkserver rd350	scope:	-	version:	-	Trust: 1.1
vendor:	lenovo	model:	thinkserver system manager baseboard management controller	scope:	lte	version:	118.71532.	Trust: 1.0
vendor:	lenovo	model:	thinkserver system manager baseboard management controller	scope:	lt	version:	1.27.73476	Trust: 0.8
vendor:	lenovo	model:	thinkserver system manager baseboard management controller	scope:	eq	version:	118.71532.	Trust: 0.6
vendor:	lenovo	model:	thinkserver system manager	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkserver system manager	scope:	ne	version:	1.27.73476	Trust: 0.3

sources: BID: 74197 // JVNDB: JVNDB-2015-002388 // CNNVD: CNNVD-201504-372 // NVD: CVE-2015-3323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3323
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3323
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-372
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81284
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3323
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-81284
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81284 // JVNDB: JVNDB-2015-002388 // CNNVD: CNNVD-201504-372 // NVD: CVE-2015-3323

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-81284 // JVNDB: JVNDB-2015-002388 // NVD: CVE-2015-3323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-372

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201504-372

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002388

PATCH

title:

LEN-2015-024

url:

http://support.lenovo.com/us/en/product_security/tsm_weak_pw

Trust: 0.8

sources: JVNDB: JVNDB-2015-002388

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3323	Trust: 2.8
db:	BID	id:	74197	Trust: 1.4
db:	JVNDB	id:	JVNDB-2015-002388	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-372	Trust: 0.7
db:	VULHUB	id:	VHN-81284	Trust: 0.1

sources: VULHUB: VHN-81284 // BID: 74197 // JVNDB: JVNDB-2015-002388 // CNNVD: CNNVD-201504-372 // NVD: CVE-2015-3323

REFERENCES

url:	http://support.lenovo.com/us/en/product_security/tsm_weak_pw	Trust: 2.0
url:	http://www.securityfocus.com/bid/74197	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3323	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3323	Trust: 0.8
url:	http://www.lenovo.com/ca/en/	Trust: 0.3

sources: VULHUB: VHN-81284 // BID: 74197 // JVNDB: JVNDB-2015-002388 // CNNVD: CNNVD-201504-372 // NVD: CVE-2015-3323

CREDITS

Lenovo

Trust: 0.3

sources: BID: 74197

SOURCES

db:	VULHUB	id:	VHN-81284
db:	BID	id:	74197
db:	JVNDB	id:	JVNDB-2015-002388
db:	CNNVD	id:	CNNVD-201504-372
db:	NVD	id:	CVE-2015-3323

LAST UPDATE DATE

2024-11-23T22:42:29.047000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81284	date:	2016-12-06T00:00:00
db:	BID	id:	74197	date:	2015-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2015-002388	date:	2015-04-21T00:00:00
db:	CNNVD	id:	CNNVD-201504-372	date:	2015-04-17T00:00:00
db:	NVD	id:	CVE-2015-3323	date:	2024-11-21T02:29:09.660

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81284	date:	2015-04-16T00:00:00
db:	BID	id:	74197	date:	2015-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2015-002388	date:	2015-04-21T00:00:00
db:	CNNVD	id:	CNNVD-201504-372	date:	2015-04-17T00:00:00
db:	NVD	id:	CVE-2015-3323	date:	2015-04-16T23:59:04.620