Vulnerability-Lookup

CVE-2021-22300 (GCVE-0-2021-22300)

Vulnerability from cvelistv5 – Published: 2021-02-06 00:38 – Updated: 2024-08-03 18:37

Summary

Severity ?

No CVSS data available.

CWE

Information Leak

Assigner

huawei

References

URL

	Vendor	Product	Version
	n/a	eCNS280_TD	Affected: V100R005C00 Affected: V100R005C10

GHSA-5WQ8-R82H-2QQC

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-22300"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-06T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.",
  "id": "GHSA-5wq8-r82h-2qqc",
  "modified": "2022-05-24T17:41:14Z",
  "published": "2022-05-24T17:41:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22300"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2021-20279

Vulnerability from cnvd - Published: 2021-03-21

Title

Huawei eCNS280信息泄露漏洞

Description

Huawei eCNS280是中国华为（Huawei）公司的无线宽带集群系统的核心网设备。提供传统核心网的网络功能外，还通过将网元功能虚拟化、在多网元间共享标准化硬件资源，来给各网元提供可根据实际应用的容量配置，提高网络扩容减容效率，提升业务上线效率 Huawei eCNS280 versions V100R005C00 and V100R005C10存在安全漏洞，该漏洞允许攻击者可利用该漏洞通过进程间访问获取信息。目前没有详细的漏洞细节提供。

Severity

低

Patch Name

Huawei eCNS280信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-22300

Impacted products

Name
['Huawei eCNS280 V100R005C00', 'Huawei eCNS280 V100R005C10']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-22300",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-22300"
    }
  },
  "description": "Huawei eCNS280\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u65e0\u7ebf\u5bbd\u5e26\u96c6\u7fa4\u7cfb\u7edf\u7684\u6838\u5fc3\u7f51\u8bbe\u5907\u3002\u63d0\u4f9b\u4f20\u7edf\u6838\u5fc3\u7f51\u7684\u7f51\u7edc\u529f\u80fd\u5916\uff0c\u8fd8\u901a\u8fc7\u5c06\u7f51\u5143\u529f\u80fd\u865a\u62df\u5316\u3001\u5728\u591a\u7f51\u5143\u95f4\u5171\u4eab\u6807\u51c6\u5316\u786c\u4ef6\u8d44\u6e90\uff0c\u6765\u7ed9\u5404\u7f51\u5143\u63d0\u4f9b\u53ef\u6839\u636e\u5b9e\u9645\u5e94\u7528\u7684\u5bb9\u91cf\u914d\u7f6e\uff0c\u63d0\u9ad8\u7f51\u7edc\u6269\u5bb9\u51cf\u5bb9\u6548\u7387\uff0c\u63d0\u5347\u4e1a\u52a1\u4e0a\u7ebf\u6548\u7387\n\nHuawei eCNS280 versions V100R005C00 and V100R005C10\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8fdb\u7a0b\u95f4\u8bbf\u95ee\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-20279",
  "openTime": "2021-03-21",
  "patchDescription": "Huawei eCNS280\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u65e0\u7ebf\u5bbd\u5e26\u96c6\u7fa4\u7cfb\u7edf\u7684\u6838\u5fc3\u7f51\u8bbe\u5907\u3002\u63d0\u4f9b\u4f20\u7edf\u6838\u5fc3\u7f51\u7684\u7f51\u7edc\u529f\u80fd\u5916\uff0c\u8fd8\u901a\u8fc7\u5c06\u7f51\u5143\u529f\u80fd\u865a\u62df\u5316\u3001\u5728\u591a\u7f51\u5143\u95f4\u5171\u4eab\u6807\u51c6\u5316\u786c\u4ef6\u8d44\u6e90\uff0c\u6765\u7ed9\u5404\u7f51\u5143\u63d0\u4f9b\u53ef\u6839\u636e\u5b9e\u9645\u5e94\u7528\u7684\u5bb9\u91cf\u914d\u7f6e\uff0c\u63d0\u9ad8\u7f51\u7edc\u6269\u5bb9\u51cf\u5bb9\u6548\u7387\uff0c\u63d0\u5347\u4e1a\u52a1\u4e0a\u7ebf\u6548\u7387\r\n\r\nHuawei eCNS280 versions V100R005C00 and V100R005C10\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8fdb\u7a0b\u95f4\u8bbf\u95ee\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei eCNS280\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei eCNS280 V100R005C00",
      "Huawei eCNS280 V100R005C10"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-22300",
  "serverity": "\u4f4e",
  "submitTime": "2021-01-29",
  "title": "Huawei eCNS280\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-202102-0640

Vulnerability from variot - Updated: 2024-11-23 22:47

There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. eCNS280_TD Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Huawei eCNS280 is the core network equipment of China's Huawei (Huawei) wireless broadband trunking system. In addition to providing the network functions of the traditional core network, it also provides capacity configuration for each network element according to the actual application by virtualizing the network element functions and sharing standardized hardware resources among multiple network elements, which improves the efficiency of network expansion and reduction. No detailed vulnerability details are currently provided

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0640",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ecns280 td",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v100r005c10"
      },
      {
        "model": "ecns280 td",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v100r005c00"
      },
      {
        "model": "ecns280 td",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ecns280_td  firmware  v100r005c00"
      },
      {
        "model": "ecns280 td",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns280 td",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ecns280_td  firmware  v100r005c10"
      },
      {
        "model": "ecns280 v100r005c00",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ecns280 v100r005c10",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22300"
      }
    ]
  },
  "cve": "CVE-2021-22300",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2021-22300",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2021-20279",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.5,
            "id": "CVE-2021-22300",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-22300",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-22300",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-22300",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-20279",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-548",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-548"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22300"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. eCNS280_TD Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Huawei eCNS280 is the core network equipment of China\u0027s Huawei (Huawei) wireless broadband trunking system. In addition to providing the network functions of the traditional core network, it also provides capacity configuration for each network element according to the actual application by virtualizing the network element functions and sharing standardized hardware resources among multiple network elements, which improves the efficiency of network expansion and reduction. No detailed vulnerability details are currently provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22300"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22300",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-548",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22300",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-548"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22300"
      }
    ]
  },
  "id": "VAR-202102-0640",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      }
    ],
    "trust": 1.4181818000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:47:42.178000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20210127-01-cgp",
        "trust": 0.8,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"
      },
      {
        "title": "Patch for Huawei eCNS280 information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/254131"
      },
      {
        "title": "Huawei eCNS280 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140951"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-548"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-312",
        "trust": 1.0
      },
      {
        "problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22300"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22300"
      },
      {
        "trust": 1.7,
        "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-548"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22300"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-548"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22300"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      },
      {
        "date": "2021-02-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22300"
      },
      {
        "date": "2021-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "date": "2021-02-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-548"
      },
      {
        "date": "2021-02-06T01:15:13.747000",
        "db": "NVD",
        "id": "CVE-2021-22300"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-20279"
      },
      {
        "date": "2021-02-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-22300"
      },
      {
        "date": "2021-10-25T08:42:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      },
      {
        "date": "2021-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-548"
      },
      {
        "date": "2024-11-21T05:49:52.147000",
        "db": "NVD",
        "id": "CVE-2021-22300"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-548"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "eCNS280_TD\u00a0 Vulnerability of important information in plaintext",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003377"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-548"
      }
    ],
    "trust": 0.6
  }
}

GSD-2021-22300

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-22300

Aliases

CVE-2021-22300

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-22300",
    "description": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.",
    "id": "GSD-2021-22300"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-22300"
      ],
      "details": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.",
      "id": "GSD-2021-22300",
      "modified": "2023-12-13T01:23:24.098067Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2021-22300",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "eCNS280_TD",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V100R005C00"
                        },
                        {
                          "version_value": "V100R005C10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Leak"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en",
            "refsource": "CONFIRM",
            "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2021-22300"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-312"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.5,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-02-10T20:03Z",
      "publishedDate": "2021-02-06T01:15Z"
    }
  }
}

FKIE_CVE-2021-22300

Vulnerability from fkie_nvd - Published: 2021-02-06 01:15 - Updated: 2024-11-21 05:49

Severity ?

4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@huawei.com	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	ecns280_td_firmware	v100r005c00
huawei	ecns280_td_firmware	v100r005c10
huawei	ecns280_td	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "18C1EB72-9E1B-4ECD-9FEF-9B4AC5625E8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:ecns280_td_firmware:v100r005c10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B5F31C0-805E-4AB7-9BC6-EEB6FE5275F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ecns280_td:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "900FA565-05B8-41E9-BE02-9BC4E14A28F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en eCNS280_TD versiones V100R005C00 y V100R005C10. Un comando no presenta mecanismo de salida por tiempo de espera. El archivo temporal contiene informaci\u00f3n confidencial. Esto permite a atacantes conseguir informaci\u00f3n mediante el acceso entre procesos que requieren otros m\u00e9todos"
    }
  ],
  "id": "CVE-2021-22300",
  "lastModified": "2024-11-21T05:49:52.147",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-06T01:15:13.747",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22300 (GCVE-0-2021-22300)

GHSA-5WQ8-R82H-2QQC

CNVD-2021-20279

VAR-202102-0640

GSD-2021-22300

FKIE_CVE-2021-22300

Tags

Sightings

Nomenclature