Denial of Service Vulnerability in Lenovo ThinkServer System Manager
CVE-2015-3323

Currently unrated

Key Information:

Vendor: Lenovo
Status: Thinkserver System Manager Baseboard Management Controller Firmware
Vendor: CVE Published:; 16 April 2015

What is CVE-2015-3323?

The ThinkServer System Manager (TSM) Baseboard Management Controller prior to firmware version 1.27.73476 is susceptible to a denial of service attack. Remote attackers can exploit this vulnerability by sending malformed HTTP requests during the authentication process, which results in a crash of the web interface. This vulnerability affects several models including the ThinkServer RD350, RD450, RD550, RD650, and TD350, potentially disrupting service availability and management capabilities for users.

References

http://www.securityfocus.com/bid/74197

vdb-entryx_refsource_BID

http://support.lenovo.com/us/en/product_security/tsm_weak_pw

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2015
Vulnerability Reserved
Apr 16, 2015