Vulnerability Details : CVE-2015-3323
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2015-3323
- Lenovo » Thinkserver System Manager Baseboard Management Controller FirmwareVersions up to, including, (<=) 118.71532.cpe:2.3:o:lenovo:thinkserver_system_manager_baseboard_management_controller_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3323
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3323
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-3323
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3323
-
http://www.securityfocus.com/bid/74197
Lenovo ThinkServer System Manager CVE-2015-3323 Denial of Service Vulnerability
-
http://support.lenovo.com/us/en/product_security/tsm_weak_pw
Multiple ThinkServer System Manager (TSM) *50-series Security Weaknesses - USVendor Advisory
Jump to