Sign-up

ID

VAR-201908-0042


CVE

CVE-2019-6178


TITLE

Iomega and LenovoEMC NAS Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-008526

DESCRIPTION

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents. Iomega and LenovoEMC NAS Contains an information disclosure vulnerability.Information may be obtained. LenovoEMC px12-350r is a network storage device of LenovoEMC. An attacker could exploit this vulnerability to disclose device details. The following products and versions are affected: px12-350r version 4.0.24.34808; ix12-300r version 4.0.24.34808; HMNHD (Home Media Network Hard Drive) (Cloud Editiond) version 3.2.16.30221; StorCenter ix2-200 (Cloud Editiond)3.2. Version 16.30221; StorCenter ix4-200d (Cloud Edition) version 3.2.16.30221; StorCenter ix2-200 version 2.1.50.30227; StorCenter ix4-200d version 2.1.50.30227; StorCenter ix4-200rl version 2.1.50.30227

Trust: 1.71

sources: NVD: CVE-2019-6178 // JVNDB: JVNDB-2019-008526 // VULHUB: VHN-157613

AFFECTED PRODUCTS

vendor:lenovomodel:ix12-300rscope:eqversion:4.0.24.34808

Trust: 1.0

vendor:lenovomodel:px12-350rscope:eqversion:4.0.24.34808

Trust: 1.0

vendor:lenovomodel:storecenter ix2-200scope:eqversion:2.1.50.30227

Trust: 1.0

vendor:lenovomodel:storecenter ix4-200dscope:eqversion:2.1.50.30227

Trust: 1.0

vendor:lenovomodel:home media network hard drivescope:eqversion:3.2.16.30221

Trust: 1.0

vendor:lenovomodel:storecenter ix4-200dscope:eqversion:3.2.16.30221

Trust: 1.0

vendor:lenovomodel:storecenter ix4-200rlscope:eqversion:2.1.50.30227

Trust: 1.0

vendor:lenovomodel:storecenter ix2-200scope:eqversion:3.2.16.30221

Trust: 1.0

vendor:lenovomodel:hmnhdscope: - version: -

Trust: 0.8

vendor:lenovomodel:ix12-300rscope: - version: -

Trust: 0.8

vendor:lenovomodel:px12-350rscope: - version: -

Trust: 0.8

vendor:lenovomodel:storecenter ix2-200scope: - version: -

Trust: 0.8

vendor:lenovomodel:storecenter ix4-200dscope: - version: -

Trust: 0.8

vendor:lenovomodel:storecenter ix4-200rlscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008526 // NVD: CVE-2019-6178

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6178
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2019-6178
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6178
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-1252
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157613
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6178
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-157613
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

psirt@lenovo.com: CVE-2019-6178
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-6178
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-157613 // JVNDB: JVNDB-2019-008526 // CNNVD: CNNVD-201908-1252 // NVD: CVE-2019-6178 // NVD: CVE-2019-6178

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-157613 // JVNDB: JVNDB-2019-008526 // NVD: CVE-2019-6178

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1252

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-1252

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008526

PATCH
title:LEN-25557url:https://support.lenovo.com/jp/ja/solutions/len-25557
Trust: 0.8
title:Iomega  and LenovoEMC NAS Repair measures for device information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96896
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008526 // 
            
            
            
            CNNVD: CNNVD-201908-1252

EXTERNAL IDS
db:NVDid:CVE-2019-6178
Trust: 2.5
db:LENOVOid:LEN-25557
Trust: 1.7
db:JVNDBid:JVNDB-2019-008526
Trust: 0.8
db:CNNVDid:CNNVD-201908-1252
Trust: 0.7
db:VULHUBid:VHN-157613
Trust: 0.1
sources:
            
            
            VULHUB: VHN-157613 // 
            
            
            
            JVNDB: JVNDB-2019-008526 // 
            
            
            
            CNNVD: CNNVD-201908-1252 // 
            
            
            
            NVD: CVE-2019-6178

REFERENCES
url:https://support.lenovo.com/solutions/len-25557
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-6178
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6178
Trust: 0.8
sources:
            
            
            VULHUB: VHN-157613 // 
            
            
            
            JVNDB: JVNDB-2019-008526 // 
            
            
            
            CNNVD: CNNVD-201908-1252 // 
            
            
            
            NVD: CVE-2019-6178

SOURCES
db:VULHUBid:VHN-157613
db:JVNDBid:JVNDB-2019-008526
db:CNNVDid:CNNVD-201908-1252
db:NVDid:CVE-2019-6178

LAST UPDATE DATE
2024-11-23T22:44:56.233000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-157613date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-008526date:2019-09-03T00:00:00
db:CNNVDid:CNNVD-201908-1252date:2020-08-25T00:00:00
db:NVDid:CVE-2019-6178date:2024-11-21T04:46:06.613

SOURCES RELEASE DATE
db:VULHUBid:VHN-157613date:2019-08-19T00:00:00
db:JVNDBid:JVNDB-2019-008526date:2019-09-03T00:00:00
db:CNNVDid:CNNVD-201908-1252date:2019-08-19T00:00:00
db:NVDid:CVE-2019-6178date:2019-08-19T16:15:11.177