CVE-2021-22300 - Vulnerability Details - OpenCVE

There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Ecns280 Td Ecns280 Td Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c00:::::::*
	cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:::::::*

cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2021-02-06T00:38:25

Updated: 2024-08-03T18:37:18.511Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22300

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-06T01:15:13.747

Modified: 2024-11-21T05:49:52.147

Link: CVE-2021-22300

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "eCNS280_TD", "vendor": "n/a", "versions": [{"status": "affected", "version": "V100R005C00"}, {"status": "affected", "version": "V100R005C10"}]}], "descriptions": [{"lang": "en", "value": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods."}], "problemTypes": [{"descriptions": [{"description": "Information Leak", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-06T00:38:25", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22300", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "eCNS280_TD", "version": {"version_data": [{"version_value": "V100R005C00"}, {"version_value": "V100R005C10"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Leak"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.511Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2021-22300", "datePublished": "2021-02-06T00:38:25", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:37:18.511Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c00:*:*:*:*:*:*:*", "matchCriteriaId": "18C1EB72-9E1B-4ECD-9FEF-9B4AC5625E8A", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*", "matchCriteriaId": "6B5F31C0-805E-4AB7-9BC6-EEB6FE5275F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*", "matchCriteriaId": "900FA565-05B8-41E9-BE02-9BC4E14A28F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en eCNS280_TD versiones V100R005C00 y V100R005C10. Un comando no presenta mecanismo de salida por tiempo de espera. El archivo temporal contiene informaci\u00f3n confidencial. Esto permite a atacantes conseguir informaci\u00f3n mediante el acceso entre procesos que requieren otros m\u00e9todos"}], "id": "CVE-2021-22300", "lastModified": "2024-11-21T05:49:52.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-06T01:15:13.747", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}