CVE-2019-6178

Published: Aug 19, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.

Affected (8)

Products: Lenovo: Px12 350r Firmware, Ix12 300r Firmware, Home Media Network Hard Drive Firmware, Storecenter Ix2 200 Firmware, Storecenter Ix4 200d Firmware, Storecenter Ix4 200rl Firmware

Lenovo

6 products

Px12 350r Firmware

Ix12 300r Firmware

Home Media Network Hard Drive Firmware

Storecenter Ix2 200 Firmware

Storecenter Ix4 200d Firmware

Storecenter Ix4 200rl Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Px12 350r Firmware	Version 4.0.24.34808

Running on/with	Platform Versions
Lenovo Px12 350r	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ix12 300r Firmware	Version 4.0.24.34808

Running on/with	Platform Versions
Lenovo Ix12 300r	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Home Media Network Hard Drive Firmware	Version 3.2.16.30221

Running on/with	Platform Versions
Lenovo Home Media Network Hard Drive	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Storecenter Ix2 200 Firmware	Version 3.2.16.30221

Running on/with	Platform Versions
Lenovo Storecenter Ix2 200	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Storecenter Ix4 200d Firmware	Version 3.2.16.30221

Running on/with	Platform Versions
Lenovo Storecenter Ix4 200d	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Storecenter Ix2 200 Firmware	Version 2.1.50.30227

Running on/with	Platform Versions
Lenovo Storecenter Ix2 200	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Storecenter Ix4 200d Firmware	Version 2.1.50.30227

Running on/with	Platform Versions
Lenovo Storecenter Ix4 200d	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Storecenter Ix4 200rl Firmware	Version 2.1.50.30227

Running on/with	Platform Versions
Lenovo Storecenter Ix4 200rl	All versions

References (2)

https://support.lenovo.com/solutions/LEN-25557

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/solutions/LEN-25557

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.