CVE-2019-19758 - OpenCVE

A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Ez Media \& Backup Center Ix2 Ez Media \& Backup Center Ix2-dl Ez Media \& Backup Center Ix2-dl Firmware Ez Media \& Backup Center Ix2 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:lenovo:ez_media_\&_backup_center_ix2:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:ez_media_\&_backup_center_ix2_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:ez_media_\&_backup_center_ix2-dl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ez_media_\&_backup_center_ix2-dl:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-30242

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2020-02-14T17:10:24.379147Z

Updated: 2024-09-16T16:23:29.531Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2019-19758

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-14T17:15:11.987

Modified: 2020-02-27T14:16:50.720

Link: CVE-2019-19758

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "EZ Media & Backup Center ix2", "vendor": "Lenovo", "versions": [{"lessThanOrEqual": "4.1.406.34763", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "EZ Media & Backup Center ix2-dl", "vendor": "Lenovo", "versions": [{"lessThanOrEqual": "4.1.406.34763", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Lenovo thanks Mostafa Noureldin for reporting this issue."}], "datePublic": "2020-02-14T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-14T17:10:24", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.lenovo.com/us/en/product_security/LEN-30242"}], "solutions": [{"lang": "en", "value": "Lenovo has ended support for Lenovo EZ Media & Backup Center, ix2 & ix2-dl as of March 31, 2019, therefore Lenovo recommends discontinuation of use. If it is not feasible to discontinue use, Lenovo recommends using the device only on trusted networks and clicking on device URLs only from trustworthy sources."}], "source": {"advisory": "LEN-30242", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-02-14T17:00:00.000Z", "ID": "CVE-2019-19758", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EZ Media & Backup Center ix2", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.1.406.34763"}]}}, {"product_name": "EZ Media & Backup Center ix2-dl", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.1.406.34763"}]}}]}, "vendor_name": "Lenovo"}]}}, "credit": [{"lang": "eng", "value": "Lenovo thanks Mostafa Noureldin for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-30242", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30242"}]}, "solution": [{"lang": "en", "value": "Lenovo has ended support for Lenovo EZ Media & Backup Center, ix2 & ix2-dl as of March 31, 2019, therefore Lenovo recommends discontinuation of use. If it is not feasible to discontinue use, Lenovo recommends using the device only on trusted networks and clicking on device URLs only from trustworthy sources."}], "source": {"advisory": "LEN-30242", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:25:12.624Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/LEN-30242"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-19758", "datePublished": "2020-02-14T17:10:24.379147Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-09-16T16:23:29.531Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ez_media_\\&_backup_center_ix2:-:*:*:*:*:*:*:*", "matchCriteriaId": "9566563C-73FB-4470-BAAA-7C1A07A02B31", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ez_media_\\&_backup_center_ix2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ADE8A7F-717E-4F61-99FC-40EE723687C6", "versionEndIncluding": "4.1.406.34763", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ez_media_\\&_backup_center_ix2-dl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9ED80D16-0202-4C61-8AD1-85EFF41F7E5B", "versionEndIncluding": "-4.1.406.34763", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ez_media_\\&_backup_center_ix2-dl:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DAD19F8-49D2-444B-B451-15120383D017", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de Lenovo EZ Media & Backup Center, ix2 & ix2-dl versiones 4.1.406.34763 y anteriores, lo que podr\u00eda permitir a un atacante no autenticado remoto redireccionar a un usuario hacia una p\u00e1gina web no confiable."}], "id": "CVE-2019-19758", "lastModified": "2020-02-27T14:16:50.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2020-02-14T17:15:11.987", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-30242"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}