fkie_cve-2021-22310
Vulnerability from fkie_nvd
Published
2021-03-22 19:15
Modified
2024-11-21 05:49
Severity ?
Summary
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | nip6300_firmware | v500r001c00 | |
| huawei | nip6300_firmware | v500r001c20 | |
| huawei | nip6300_firmware | v500r001c30 | |
| huawei | nip6300 | - | |
| huawei | nip6600_firmware | v500r001c00 | |
| huawei | nip6600_firmware | v500r001c20 | |
| huawei | nip6600_firmware | v500r001c30 | |
| huawei | nip6600 | - | |
| huawei | secospace_usg6300_firmware | v500r001c00 | |
| huawei | secospace_usg6300_firmware | v500r001c20 | |
| huawei | secospace_usg6300_firmware | v500r001c30 | |
| huawei | secospace_usg6300 | - | |
| huawei | secospace_usg6500_firmware | v500r001c00 | |
| huawei | secospace_usg6500_firmware | v500r001c20 | |
| huawei | secospace_usg6500_firmware | v500r001c30 | |
| huawei | secospace_usg6500 | - | |
| huawei | secospace_usg6600_firmware | v500r001c00 | |
| huawei | secospace_usg6600_firmware | v500r001c20 | |
| huawei | secospace_usg6600_firmware | v500r001c30 | |
| huawei | secospace_usg6600_firmware | v500r001c50 | |
| huawei | secospace_usg6600_firmware | v500r001c60 | |
| huawei | secospace_usg6600_firmware | v500r001c80 | |
| huawei | secospace_usg6600 | - | |
| huawei | usg9500_firmware | v500r005c00 | |
| huawei | usg9500_firmware | v500r005c10 | |
| huawei | usg9500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4B469A91-4CD0-44D2-A982-3E612B855E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*",
"matchCriteriaId": "1856722C-597D-495D-AFCC-21E5FF6F2359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*",
"matchCriteriaId": "728A7B78-6E19-4656-848F-269DB955070C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E054182-CE33-45E3-8595-159A75BA5162",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2E0857-39E8-46C2-A723-9F09C052F2F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC040A6-3E38-4B21-9779-67CF66FDC6B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*",
"matchCriteriaId": "946F5FF7-412F-40F9-A492-DE8E11E7B919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8CA649-7AE1-497C-869B-B4DD315F342C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4C996915-83A1-4EA5-A8E1-F609DA879D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*",
"matchCriteriaId": "11CAA59E-F2A8-4E84-BCC5-CADA8FDA9712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8AEAB1-6106-47A2-8207-67E557A8BF80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C281B511-7A27-4FC6-9427-AE5AD7C302F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "3189382E-6846-4713-A92F-ABD03683F4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*",
"matchCriteriaId": "B3983A57-2F07-4D21-9093-1DFEAB310E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*",
"matchCriteriaId": "627F40B6-8CD1-47EE-8937-F1FAAAB86F0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E990766D-FBD4-404E-A783-3D2D0BC210F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*",
"matchCriteriaId": "A638ACAF-9A6F-4861-8CDB-E43FBC3C9C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB7FBB2-1CC6-4DA3-85AB-66562B0A9198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*",
"matchCriteriaId": "72CE6722-BA5D-4AAE-9C72-36F06EB4DFF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c60:*:*:*:*:*:*:*",
"matchCriteriaId": "F6AACFD2-9C9D-49E3-A911-0CF58F863EE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c80:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F5C89A-DA13-46D1-BDCF-0BD94F7B7861",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E961C6AA-400A-41CF-A230-FE7182875F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:usg9500_firmware:v500r005c10:*:*:*:*:*:*:*",
"matchCriteriaId": "5A32EF67-5C9D-4F2F-BCC9-D5C5C9F69544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6064BB-5E62-4D70-B933-05B5426EEE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de filtrado de informaci\u00f3n en algunos productos Huawei.\u0026#xa0;Debido al almacenamiento apropiado de informaci\u00f3n espec\u00edfica en el archivo de registro, el atacante puede obtener la informaci\u00f3n cuando un usuario inicia sesi\u00f3n en el dispositivo.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito puede causar un filtrado de informaci\u00f3n.\u0026#xa0;versiones de productos afectados incluyen: NIP6300 versiones V500R001C00, V500R001C20, V500R001C30; NIP6600 versiones V500R001C00, V500R001C20, V500R001C30; Secospace USG6300 versiones V500R001C00, V500R001C20, V500R001C30; Secospace USG6500 versiones V500R001C00, V500R001C20, V500R001C30; Secospace USG6600 versiones V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80; USG9500 versiones V500R005C00, V500R005C10"
}
],
"id": "CVE-2021-22310",
"lastModified": "2024-11-21T05:49:53.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-22T19:15:11.773",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…