Sign-up

ID

VAR-202102-0640


CVE

CVE-2021-22300


TITLE

eCNS280_TD  Vulnerability of important information in plaintext

Trust: 0.8

sources: JVNDB: JVNDB-2021-003377

DESCRIPTION

There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. eCNS280_TD Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Huawei eCNS280 is the core network equipment of China's Huawei (Huawei) wireless broadband trunking system. In addition to providing the network functions of the traditional core network, it also provides capacity configuration for each network element according to the actual application by virtualizing the network element functions and sharing standardized hardware resources among multiple network elements, which improves the efficiency of network expansion and reduction. No detailed vulnerability details are currently provided

Trust: 2.25

sources: NVD: CVE-2021-22300 // JVNDB: JVNDB-2021-003377 // CNVD: CNVD-2021-20279 // VULMON: CVE-2021-22300

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-20279

AFFECTED PRODUCTS

vendor:huaweimodel:ecns280 tdscope:eqversion:v100r005c10

Trust: 1.0

vendor:huaweimodel:ecns280 tdscope:eqversion:v100r005c00

Trust: 1.0

vendor:huaweimodel:ecns280 tdscope:eqversion:ecns280_td firmware v100r005c00

Trust: 0.8

vendor:huaweimodel:ecns280 tdscope:eqversion: -

Trust: 0.8

vendor:huaweimodel:ecns280 tdscope:eqversion:ecns280_td firmware v100r005c10

Trust: 0.8

vendor:huaweimodel:ecns280 v100r005c00scope: - version: -

Trust: 0.6

vendor:huaweimodel:ecns280 v100r005c10scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-20279 // JVNDB: JVNDB-2021-003377 // NVD: CVE-2021-22300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22300
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22300
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-20279
value: LOW

Trust: 0.6

CNNVD: CNNVD-202102-548
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-22300
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-20279
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-22300
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22300
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-20279 // JVNDB: JVNDB-2021-003377 // CNNVD: CNNVD-202102-548 // NVD: CVE-2021-22300

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:Plaintext storage of important information (CWE-312) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003377 // NVD: CVE-2021-22300

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-548

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-548

PATCH

title:huawei-sa-20210127-01-cgpurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en

Trust: 0.8

title:Patch for Huawei eCNS280 information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/254131

Trust: 0.6

title:Huawei eCNS280 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140951

Trust: 0.6

sources: CNVD: CNVD-2021-20279 // JVNDB: JVNDB-2021-003377 // CNNVD: CNNVD-202102-548

EXTERNAL IDS

db:NVDid:CVE-2021-22300

Trust: 3.1

db:JVNDBid:JVNDB-2021-003377

Trust: 0.8

db:CNVDid:CNVD-2021-20279

Trust: 0.6

db:CNNVDid:CNNVD-202102-548

Trust: 0.6

db:VULMONid:CVE-2021-22300

Trust: 0.1

sources: CNVD: CNVD-2021-20279 // VULMON: CVE-2021-22300 // JVNDB: JVNDB-2021-003377 // CNNVD: CNNVD-202102-548 // NVD: CVE-2021-22300

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-22300

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-cgp-en

Trust: 1.7

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-20279 // VULMON: CVE-2021-22300 // JVNDB: JVNDB-2021-003377 // CNNVD: CNNVD-202102-548 // NVD: CVE-2021-22300

SOURCES

db:CNVDid:CNVD-2021-20279
db:VULMONid:CVE-2021-22300
db:JVNDBid:JVNDB-2021-003377
db:CNNVDid:CNNVD-202102-548
db:NVDid:CVE-2021-22300

LAST UPDATE DATE

2024-11-23T22:47:42.178000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-20279date:2021-03-23T00:00:00
db:VULMONid:CVE-2021-22300date:2021-02-10T00:00:00
db:JVNDBid:JVNDB-2021-003377date:2021-10-25T08:42:00
db:CNNVDid:CNNVD-202102-548date:2021-02-18T00:00:00
db:NVDid:CVE-2021-22300date:2024-11-21T05:49:52.147

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-20279date:2021-03-21T00:00:00
db:VULMONid:CVE-2021-22300date:2021-02-06T00:00:00
db:JVNDBid:JVNDB-2021-003377date:2021-10-25T00:00:00
db:CNNVDid:CNNVD-202102-548date:2021-02-05T00:00:00
db:NVDid:CVE-2021-22300date:2021-02-06T01:15:13.747