CVE-2019-6160 - Vulnerability Details

Vendors	Products
Lenovo	Home Media Network Hard Drive Home Media Network Hard Drive Firmware Ix12-300r Ix12-300r Firmware Px12-350r Px12-350r Firmware Storcenter Ix-200 Storcenter Ix2-200 Storcenter Ix2-200 Firmware Storcenter Ix4-200d Storcenter Ix4-200d Firmware Storcenter Ix4-200rl Storcenter Ix4-200rl Firmware

Link	Providers
https://support.lenovo.com/solutions/LEN-25557

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "NAS products", "vendor": "Iomega and LenovoEMC", "versions": [{"status": "affected", "version": "various"}]}], "credits": [{"lang": "en", "value": "Lenovo would like to thank WhiteHat Security and Vertical Structure for reporting this issue."}], "datePublic": "2019-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-16T18:53:10", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/solutions/LEN-25557"}], "solutions": [{"lang": "en", "value": "Update to the firmware level (or later) described for your system in the Product Impact section of LEN-25557.  If it is not feasible to update the firmware immediately, partial protection can be achieved by removing any public shares and using the device only on trusted networks."}], "source": {"advisory": "LEN-25557", "discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-07-16T16:00:00.000Z", "ID": "CVE-2019-6160", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NAS products", "version": {"version_data": [{"affected": "=", "version_affected": "=", "version_value": "various"}]}}]}, "vendor_name": "Iomega and LenovoEMC"}]}}, "credit": [{"lang": "eng", "value": "Lenovo would like to thank WhiteHat Security and Vertical Structure for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/solutions/LEN-25557", "refsource": "CONFIRM", "url": "https://support.lenovo.com/solutions/LEN-25557"}]}, "solution": [{"lang": "en", "value": "Update to the firmware level (or later) described for your system in the Product Impact section of LEN-25557.  If it is not feasible to update the firmware immediately, partial protection can be achieved by removing any public shares and using the device only on trusted networks."}], "source": {"advisory": "LEN-25557", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:24.569Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/solutions/LEN-25557"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6160", "datePublished": "2019-07-16T18:53:10.650443Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T18:08:53.112Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : NAS products (string)

vendor : Iomega and LenovoEMC (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : Lenovo would like to thank WhiteHat Security and Vertical Structure for reporting this issue. (string)

}

]

datePublic : 2019-07-16T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-07-16T18:53:10 (string)

orgId : da227ddf-6e25-4b41-b023-0f976dcaca4b (string)

shortName : lenovo (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.lenovo.com/solutions/LEN-25557 (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Update to the firmware level (or later) described for your system in the Product Impact section of LEN-25557. If it is not feasible to update the firmware immediately, partial protection can be achieved by removing any public shares and using the device only on trusted networks. (string)

}

]

source : { »

advisory : LEN-25557 (string)

discovery : UNKNOWN (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@lenovo.com (string)

DATE_PUBLIC : 2019-07-16T16:00:00.000Z (string)

ID : CVE-2019-6160 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : NAS products (string)

version : { »

version_data : [ »

0 : { »

affected : = (string)

version_affected : = (string)

version_value : various (string)

}

]

}

]

}

vendor_name : Iomega and LenovoEMC (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : Lenovo would like to thank WhiteHat Security and Vertical Structure for reporting this issue. (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. (string)

}

]

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.lenovo.com/solutions/LEN-25557 (string)

refsource : CONFIRM (string)

url : https://support.lenovo.com/solutions/LEN-25557 (string)

}

]

}

solution : [ »

0 : { »

lang : en (string)

value : Update to the firmware level (or later) described for your system in the Product Impact section of LEN-25557. If it is not feasible to update the firmware immediately, partial protection can be achieved by removing any public shares and using the device only on trusted networks. (string)

}

]

source : { »

advisory : LEN-25557 (string)

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T20:16:24.569Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.lenovo.com/solutions/LEN-25557 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : da227ddf-6e25-4b41-b023-0f976dcaca4b (string)

assignerShortName : lenovo (string)

cveId : CVE-2019-6160 (string)

datePublished : 2019-07-16T18:53:10.650443Z (string)

dateReserved : 2019-01-11T00:00:00 (string)

dateUpdated : 2024-09-16T18:08:53.112Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:px12-350r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61214E32-2C84-4AEE-8E7D-9C8D5C338F92", "versionEndExcluding": "4.0.24.34808", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:px12-350r:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACA01452-5C7E-4D17-B0EA-1452BD8E9D3D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ix12-300r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EF2CD56-1F60-4E73-84D8-3130ADF35917", "versionEndExcluding": "4.0.24.34808", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ix12-300r:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DEEAB5E-4F49-4315-B331-E96D3C36BF7D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:home_media_network_hard_drive_firmware:*:*:*:*:cloud:*:*:*", "matchCriteriaId": "CE01E59B-BB43-467A-A983-FCB2B485FD91", "versionEndExcluding": "3.2.16.30221", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:home_media_network_hard_drive:-:*:*:*:*:*:*:*", "matchCriteriaId": "B79E103A-705F-4BAA-98DC-290302CB298E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storcenter_ix2-200_firmware:*:*:*:*:cloud:*:*:*", "matchCriteriaId": "E68008D9-E672-44E6-9110-A1084A297CC7", "versionEndExcluding": "3.2.16.30221", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storcenter_ix2-200:-:*:*:*:*:*:*:*", "matchCriteriaId": "ECC671AA-4C30-47DE-8BE4-986F480356C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storcenter_ix4-200d_firmware:*:*:*:*:cloud:*:*:*", "matchCriteriaId": "8355B16F-A04F-4AB0-A3AF-1108D7D81D7C", "versionEndExcluding": "3.2.16.30221", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storcenter_ix4-200d:-:*:*:*:*:*:*:*", "matchCriteriaId": "22351E6B-AED2-43CA-A91B-A9C530A465AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storcenter_ix2-200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B6C230F-BB67-4721-AF47-B25FC2DF9099", "versionEndExcluding": "2.1.50.30227", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storcenter_ix-200:-:*:*:*:*:*:*:*", "matchCriteriaId": "49029F54-9D53-4B48-BBD1-156F586BBDBB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storcenter_ix4-200d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C086F80D-C629-49E7-A8B7-581CE3BD3C43", "versionEndExcluding": "2.1.50.30227", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storcenter_ix4-200d:-:*:*:*:*:*:*:*", "matchCriteriaId": "22351E6B-AED2-43CA-A91B-A9C530A465AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:storcenter_ix4-200rl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35540D-43A2-42DA-BF5A-38A32A3F07E2", "versionEndExcluding": "2.1.50.30227", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:storcenter_ix4-200rl:-:*:*:*:*:*:*:*", "matchCriteriaId": "02B4B193-E037-4DCB-94F1-0F7A2D7F290B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API."}, {"lang": "es", "value": "Una vulnerabilidad en varias versiones de los productos NAS de Iomega y LenovoEMC, podr\u00eda permitir a un usuario no autenticado acceder a archivos en recursos compartidos de NAS por medio de la API."}], "id": "CVE-2019-6160", "lastModified": "2024-11-21T04:46:03.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-16T19:15:13.127", "references": [{"source": "psirt@lenovo.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.lenovo.com/solutions/LEN-25557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.lenovo.com/solutions/LEN-25557"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:lenovo:px12-350r_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 61214E32-2C84-4AEE-8E7D-9C8D5C338F92 (string)

versionEndExcluding : 4.0.24.34808 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:lenovo:px12-350r:-:*:*:*:*:*:*:* (string)

matchCriteriaId : ACA01452-5C7E-4D17-B0EA-1452BD8E9D3D (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:lenovo:ix12-300r_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8EF2CD56-1F60-4E73-84D8-3130ADF35917 (string)

versionEndExcluding : 4.0.24.34808 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:lenovo:ix12-300r:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 7DEEAB5E-4F49-4315-B331-E96D3C36BF7D (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:lenovo:home_media_network_hard_drive_firmware:*:*:*:*:cloud:*:*:* (string)

matchCriteriaId : CE01E59B-BB43-467A-A983-FCB2B485FD91 (string)

versionEndExcluding : 3.2.16.30221 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:lenovo:home_media_network_hard_drive:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B79E103A-705F-4BAA-98DC-290302CB298E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:lenovo:storcenter_ix2-200_firmware:*:*:*:*:cloud:*:*:* (string)

matchCriteriaId : E68008D9-E672-44E6-9110-A1084A297CC7 (string)

versionEndExcluding : 3.2.16.30221 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:lenovo:storcenter_ix2-200:-:*:*:*:*:*:*:* (string)

matchCriteriaId : ECC671AA-4C30-47DE-8BE4-986F480356C1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:lenovo:storcenter_ix4-200d_firmware:*:*:*:*:cloud:*:*:* (string)

matchCriteriaId : 8355B16F-A04F-4AB0-A3AF-1108D7D81D7C (string)

versionEndExcluding : 3.2.16.30221 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:lenovo:storcenter_ix4-200d:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 22351E6B-AED2-43CA-A91B-A9C530A465AE (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:lenovo:storcenter_ix2-200_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B6C230F-BB67-4721-AF47-B25FC2DF9099 (string)

versionEndExcluding : 2.1.50.30227 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:lenovo:storcenter_ix-200:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 49029F54-9D53-4B48-BBD1-156F586BBDBB (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:lenovo:storcenter_ix4-200d_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C086F80D-C629-49E7-A8B7-581CE3BD3C43 (string)

versionEndExcluding : 2.1.50.30227 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:lenovo:storcenter_ix4-200d:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 22351E6B-AED2-43CA-A91B-A9C530A465AE (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:lenovo:storcenter_ix4-200rl_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B35540D-43A2-42DA-BF5A-38A32A3F07E2 (string)

versionEndExcluding : 2.1.50.30227 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:lenovo:storcenter_ix4-200rl:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 02B4B193-E037-4DCB-94F1-0F7A2D7F290B (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad en varias versiones de los productos NAS de Iomega y LenovoEMC, podría permitir a un usuario no autenticado acceder a archivos en recursos compartidos de NAS por medio de la API. (string)

}

]

id : CVE-2019-6160 (string)

lastModified : 2024-11-21T04:46:03.290 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : psirt@lenovo.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-07-16T19:15:13.127 (string)

references : [ »

0 : { »

source : psirt@lenovo.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://support.lenovo.com/solutions/LEN-25557 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://support.lenovo.com/solutions/LEN-25557 (string)

}

]

sourceIdentifier : psirt@lenovo.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object