CVE-2019-6178

EUVD-2019-15745
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
lenovoCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
lenovopx12-350r_firmware
4.0.24.34808
lenovoix12-300r_firmware
4.0.24.34808
lenovohome_media_network_hard_drive_firmware
3.2.16.30221
lenovostorecenter_ix2-200_firmware
3.2.16.30221
lenovostorecenter_ix4-200d_firmware
3.2.16.30221
lenovostorecenter_ix2-200_firmware
2.1.50.30227
lenovostorecenter_ix4-200d_firmware
2.1.50.30227
lenovostorecenter_ix4-200rl_firmware
2.1.50.30227
𝑥
= Vulnerable software versions
References
https://support.lenovo.com/solutions/LEN-25557
https://support.lenovo.com/solutions/LEN-25557