Vulnerability Description
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Px12-350R Firmware | < 4.0.24.34808 |
| Lenovo | Px12-350R | - |
| Lenovo | Ix12-300R Firmware | < 4.0.24.34808 |
| Lenovo | Ix12-300R | - |
| Lenovo | Home Media Network Hard Drive Firmware | < 3.2.16.30221 |
| Lenovo | Home Media Network Hard Drive | - |
| Lenovo | Storcenter Ix2-200 Firmware | < 3.2.16.30221 |
| Lenovo | Storcenter Ix2-200 | - |
| Lenovo | Storcenter Ix4-200D Firmware | < 3.2.16.30221 |
| Lenovo | Storcenter Ix4-200D | - |
| Lenovo | Storcenter Ix-200 | - |
| Lenovo | Storcenter Ix4-200Rl Firmware | < 2.1.50.30227 |
| Lenovo | Storcenter Ix4-200Rl | - |
References
- https://support.lenovo.com/solutions/LEN-25557PatchVendor Advisory
- https://support.lenovo.com/solutions/LEN-25557PatchVendor Advisory
FAQ
What is CVE-2019-6160?
CVE-2019-6160 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
How severe is CVE-2019-6160?
CVE-2019-6160 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6160?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Px12-350R Firmware, Lenovo Px12-350R, Lenovo Ix12-300R Firmware, Lenovo Ix12-300R, Lenovo Home Media Network Hard Drive Firmware.