Vulnerability Details : CVE-2019-6178
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.
Products affected by CVE-2019-6178
- cpe:2.3:o:lenovo:px12-350r_firmware:4.0.24.34808:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:ix12-300r_firmware:4.0.24.34808:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:home_media_network_hard_drive_firmware:3.2.16.30221:*:*:*:cloud:*:*:*
- cpe:2.3:o:lenovo:storecenter_ix2-200_firmware:3.2.16.30221:*:*:*:cloud:*:*:*
- cpe:2.3:o:lenovo:storecenter_ix2-200_firmware:2.1.50.30227:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:storecenter_ix4-200d_firmware:3.2.16.30221:*:*:*:cloud:*:*:*
- cpe:2.3:o:lenovo:storecenter_ix4-200d_firmware:2.1.50.30227:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:storecenter_ix4-200rl_firmware:2.1.50.30227:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-6178
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-6178
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
Lenovo Group Ltd. | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
References for CVE-2019-6178
-
https://support.lenovo.com/solutions/LEN-25557
Iomega and LenovoEMC NAS Vulnerability - USVendor Advisory
Jump to