CVE-2021-22310 Information
Description
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00V500R001C20V500R001C30;NIP6600 versions V500R001C00V500R001C20V500R001C30;Secospace USG6300 versions V500R001C00V500R001C20V500R001C30;Secospace USG6500 versions V500R001C00V500R001C20V500R001C30;Secospace USG6600 versions V500R001C00V500R001C20V500R001C30V500R001C50V500R001C60V500R001C80;USG9500 versions V500R005C00V500R005C10.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Reference
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-en
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
4.4
Share on: