{"containers": {"cna": {"affected": [{"product": "NAS products", "vendor": "Iomega and LenovoEMC", "versions": [{"status": "affected", "version": "various"}]}], "credits": [{"lang": "en", "value": "Lenovo would like to thank Rafael Pedrero for reporting this issue."}], "datePublic": "2019-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-19T15:14:47", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.lenovo.com/solutions/LEN-25557"}], "solutions": [{"lang": "en", "value": "To protect your device against this vulnerability, disable Personal Cloud. If Personal Cloud is enabled, avoid using sensitive share names and only use the device on trusted networks."}], "source": {"advisory": "LEN-25557", "discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-08-16T20:00:00.000Z", "ID": "CVE-2019-6178", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NAS products", "version": {"version_data": [{"affected": "=", "version_affected": "=", "version_value": "various"}]}}]}, "vendor_name": "Iomega and LenovoEMC"}]}}, "credit": [{"lang": "eng", "value": "Lenovo would like to thank Rafael Pedrero for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/solutions/LEN-25557", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-25557"}]}, "solution": [{"lang": "en", "value": "To protect your device against this vulnerability, disable Personal Cloud. If Personal Cloud is enabled, avoid using sensitive share names and only use the device on trusted networks."}], "source": {"advisory": "LEN-25557", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:24.502Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.lenovo.com/solutions/LEN-25557"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6178", "datePublished": "2019-08-19T15:14:47.694136Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-17T02:37:09.217Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:px12-350r_firmware:4.0.24.34808:*:*:*:*:*:*:*", "matchCriteriaId": "96C7BA12-B49F-4918-AE76-783FE5D72311", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:px12-350r:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACA01452-5C7E-4D17-B0EA-1452BD8E9D3D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ix12-300r_firmware:4.0.24.34808:*:*:*:*:*:*:*", "matchCriteriaId": "3E03088D-AF8D-44DC-9505-8407A8EEB79D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ix12-300r:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DEEAB5E-4F49-4315-B331-E96D3C36BF7D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:home_media_network_hard_drive_firmware:3.2.16.30221:*:*:*:cloud:*:*:*", "matchCriteriaId": "F4543A6C-DF49-4CB9-8CDD-7C89FF236CEB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:home_media_network_hard_drive:-:*:*:*:cloud:*:*:*", "matchCriteriaId": "6B4860CB-8607-4108-9FA9-1F89100D365F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storecenter_ix2-200_firmware:3.2.16.30221:*:*:*:cloud:*:*:*", "matchCriteriaId": "9723A284-20F9-4D48-B0A1-7D631D4EABA5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storecenter_ix2-200:-:*:*:*:cloud:*:*:*", "matchCriteriaId": "E03858D4-EF15-4B7D-BF8E-BEE20F6CE639", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storecenter_ix4-200d_firmware:3.2.16.30221:*:*:*:cloud:*:*:*", "matchCriteriaId": "3C53D400-C373-4491-8B6A-F0C02AFA7379", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storecenter_ix4-200d:-:*:*:*:cloud:*:*:*", "matchCriteriaId": "6F712AED-7A21-469B-A3D3-3D3AF39AE18D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storecenter_ix2-200_firmware:2.1.50.30227:*:*:*:*:*:*:*", "matchCriteriaId": "6A8050CE-8F33-47F6-9EF5-EC0662423838", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storecenter_ix2-200:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C4A192B-5735-43C2-8B80-23151CC7951D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storecenter_ix4-200d_firmware:2.1.50.30227:*:*:*:*:*:*:*", "matchCriteriaId": "124E6257-0C36-47C5-A9E7-2D09AA1DE340", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storecenter_ix4-200d:-:*:*:*:*:*:*:*", "matchCriteriaId": "09FA28CB-E93C-4577-8E25-40760DDE5998", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storecenter_ix4-200rl_firmware:2.1.50.30227:*:*:*:*:*:*:*", "matchCriteriaId": "1021BFCD-3881-4D05-8944-3697A9B9D63A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storecenter_ix4-200rl:-:*:*:*:*:*:*:*", "matchCriteriaId": "34873C9B-4320-40F0-B57B-720481EF1C54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents."}, {"lang": "es", "value": "Una vulnerabilidad de filtraci\u00f3n de informaci\u00f3n en los productos NAS de Iomega y LenovoEMC, podr\u00eda permitir la divulgaci\u00f3n de algunos detalles del dispositivo, tales como nombres de Share por medio de la API del dispositivo cuando es habilitado Personal Cloud. Esto no permite leer, escribir, eliminar o cualquier otro acceso a los sistemas de archivos subyacentes y sus contenidos."}], "id": "CVE-2019-6178", "lastModified": "2024-11-21T04:46:06.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@lenovo.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-19T16:15:11.177", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/solutions/LEN-25557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/solutions/LEN-25557"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}