From e54e8cd7ca490c1f7238a4e38ae5a61bbae2bb40 Mon Sep 17 00:00:00 2001 From: lenpsirt Date: Fri, 16 Aug 2019 16:36:59 -0400 Subject: [PATCH] Update CVE-2019-6178.json populated data for CVE-2019-6178 --- 2019/6xxx/CVE-2019-6178.json | 107 ++++++++++++++++++++++++++++++----- 1 file changed, 92 insertions(+), 15 deletions(-) diff --git a/2019/6xxx/CVE-2019-6178.json b/2019/6xxx/CVE-2019-6178.json index 39ede311692..3547b6410e6 100644 --- a/2019/6xxx/CVE-2019-6178.json +++ b/2019/6xxx/CVE-2019-6178.json @@ -1,18 +1,95 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6178", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-08-16T20:00:00.000Z", + "ID": "CVE-2019-6178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "NAS products", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "various" + } + ] + } + } + ] + }, + "vendor_name": "Iomega and LenovoEMC" } - ] - } -} \ No newline at end of file + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Lenovo would like to thank Rafael Pedrero for reporting this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/solutions/LEN-25557" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "To protect your device against this vulnerability, disable Personal Cloud. If Personal Cloud is enabled, avoid using sensitive share names and only use the device on trusted networks." + } + ], + "source": { + "advisory": "LEN-25557", + "discovery": "UNKNOWN" + } +}