4.4

CVE-2021-22310

EPSS 0.03%
Published 22.03.2021 19:15:11
Last modified 21.11.2024 05:49:53
Source psirt@huawei.com
Teams watchlist Login
Open Login

There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Nip6300 Firmware Versionv500r001c00

Huawei ≫ Nip6300 Version-

Huawei ≫ Nip6300 Firmware Versionv500r001c20

Huawei ≫ Nip6300 Version-

Huawei ≫ Nip6300 Firmware Versionv500r001c30

Huawei ≫ Nip6300 Version-

Huawei ≫ Nip6600 Firmware Versionv500r001c00

Huawei ≫ Nip6600 Version-

Huawei ≫ Nip6600 Firmware Versionv500r001c20

Huawei ≫ Nip6600 Version-

Huawei ≫ Nip6600 Firmware Versionv500r001c30

Huawei ≫ Nip6600 Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r001c00

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r001c20

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6300 Firmware Versionv500r001c30

Huawei ≫ Secospace Usg6300 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r001c00

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r001c20

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6500 Firmware Versionv500r001c30

Huawei ≫ Secospace Usg6500 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c00

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c20

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c30

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c50

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c60

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Secospace Usg6600 Firmware Versionv500r001c80

Huawei ≫ Secospace Usg6600 Version-

Huawei ≫ Usg9500 Firmware Versionv500r005c00

Huawei ≫ Usg9500 Version-

Huawei ≫ Usg9500 Firmware Versionv500r005c10

Huawei ≫ Usg9500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.044

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22310

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22310

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22310

EUVD