CVE-2015-3324

Currently unrated

Key Information:

Vendor: Lenovo
Status: Thinkserver System Manager Baseboard Management Controller Firmware
Vendor: CVE Published:; 16 April 2015

Summary

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.

References

http://www.securityfocus.com/bid/74199

vdb-entryx_refsource_BID

http://support.lenovo.com/us/en/product_security/tsm_weak_pw

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 16, 2015
Vulnerability Reserved
Apr 16, 2015