CVE-2019-6160

A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
lenovoCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
lenovopx12-350r_firmware
𝑥
< 4.0.24.34808
lenovoix12-300r_firmware
𝑥
< 4.0.24.34808
lenovohome_media_network_hard_drive_firmware
𝑥
< 3.2.16.30221
lenovostorcenter_ix2-200_firmware
𝑥
< 3.2.16.30221
lenovostorcenter_ix4-200d_firmware
𝑥
< 3.2.16.30221
lenovostorcenter_ix2-200_firmware
𝑥
< 2.1.50.30227
lenovostorcenter_ix4-200d_firmware
𝑥
< 2.1.50.30227
lenovostorcenter_ix4-200rl_firmware
𝑥
< 2.1.50.30227
𝑥
= Vulnerable software versions
References
https://support.lenovo.com/solutions/LEN-25557
https://support.lenovo.com/solutions/LEN-25557