Vulnerability Details CVE-2015-3324
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.9%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2015-3324
-
cpe:2.3:h:lenovo:thinkserver_rd350:-
-
cpe:2.3:h:lenovo:thinkserver_rd450:-
-
cpe:2.3:h:lenovo:thinkserver_rd550:-
-
cpe:2.3:h:lenovo:thinkserver_rd650:-
-
cpe:2.3:h:lenovo:thinkserver_td350:-
-
cpe:2.3:o:lenovo:thinkserver_system_manager_baseboard_management_controller_firmware:118.71532