Vulnerabilities > CVE-2019-6178 - Unspecified vulnerability in Lenovo products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

lenovo

NVD

Published: 2019-08-19

Updated: 2022-10-14

Summary

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo Px12 350R Firmware 4.0.24.34808 Lenovo Ix12 300R Firmware 4.0.24.34808 Lenovo Home Media Network Hard Drive Firmware 3.2.16.30221 Lenovo Storecenter IX2 200 Firmware 3.2.16.30221 Lenovo Storecenter IX2 200 Firmware 2.1.50.30227 Lenovo Storecenter IX4 200D Firmware 3.2.16.30221 Lenovo Storecenter IX4 200D Firmware 2.1.50.30227 Lenovo Storecenter IX4 200Rl Firmware 2.1.50.30227	8
Hardware	Lenovo Lenovo Px12 350R - Lenovo Ix12 300R - Lenovo Home Media Network Hard Drive - Lenovo Storecenter IX2 200 - Lenovo Storecenter IX4 200D - Lenovo Storecenter IX4 200Rl -	8

References

https://support.lenovo.com/solutions/LEN-25557