CVE-2019-6178 — MEDIUM (5.3)

Vulnerability Description

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lenovo	Px12-350R Firmware	4.0.24.34808
Lenovo	Px12-350R	-
Lenovo	Ix12-300R Firmware	4.0.24.34808
Lenovo	Ix12-300R	-
Lenovo	Home Media Network Hard Drive Firmware	3.2.16.30221
Lenovo	Home Media Network Hard Drive	-
Lenovo	Storecenter Ix2-200 Firmware	3.2.16.30221
Lenovo	Storecenter Ix2-200	-
Lenovo	Storecenter Ix4-200D Firmware	3.2.16.30221
Lenovo	Storecenter Ix4-200D	-
Lenovo	Storecenter Ix4-200Rl Firmware	2.1.50.30227
Lenovo	Storecenter Ix4-200Rl	-

References

https://support.lenovo.com/solutions/LEN-25557Vendor Advisory
https://support.lenovo.com/solutions/LEN-25557Vendor Advisory

FAQ

What is CVE-2019-6178?

CVE-2019-6178 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This ...

How severe is CVE-2019-6178?

CVE-2019-6178 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6178?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Px12-350R Firmware, Lenovo Px12-350R, Lenovo Ix12-300R Firmware, Lenovo Ix12-300R, Lenovo Home Media Network Hard Drive Firmware.